nm: Make local identity configurable
authorTobias Brunner <tobias@strongswan.org>
Wed, 12 Feb 2020 10:39:07 +0000 (11:39 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 14 Feb 2020 13:45:32 +0000 (14:45 +0100)
For PSK authentication we now use the local identity and not the username
field.

src/frontends/gnome/po/de.po
src/frontends/gnome/properties/nm-strongswan-dialog.ui
src/frontends/gnome/properties/nm-strongswan.c

index 84a4cd9..91486fa 100644 (file)
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: NetworkManager-strongswan\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2020-02-07 16:59+0100\n"
+"POT-Creation-Date: 2020-02-12 12:06+0100\n"
 "PO-Revision-Date: 2019-12-18 17:10+0100\n"
 "Last-Translator: Tobias Brunner\n"
 "Language-Team: de <info@strongswan.org>\n"
@@ -25,31 +25,31 @@ msgstr "IPsec/IKEv2 (strongswan)"
 msgid "IPsec with the IKEv2 key exchange protocol."
 msgstr "IPsec mit dem IKEv2 Protokoll."
 
-#: ../properties/nm-strongswan.c:335
+#: ../properties/nm-strongswan.c:366
 msgid "EAP (Username/Password)"
 msgstr "EAP (Benutzername/Passwort)"
 
-#: ../properties/nm-strongswan.c:336
+#: ../properties/nm-strongswan.c:367
 msgid "Certificate"
 msgstr "Zertifikat"
 
-#: ../properties/nm-strongswan.c:337
+#: ../properties/nm-strongswan.c:368
 msgid "EAP-TLS"
 msgstr "EAP-TLS"
 
-#: ../properties/nm-strongswan.c:338
+#: ../properties/nm-strongswan.c:369
 msgid "Pre-shared key"
 msgstr "Pre-shared Key"
 
-#: ../properties/nm-strongswan.c:365
+#: ../properties/nm-strongswan.c:395
 msgid "Certificate/private key"
 msgstr "Zertifikat/Privater Schlüssel"
 
-#: ../properties/nm-strongswan.c:366
+#: ../properties/nm-strongswan.c:396
 msgid "Certificate/ssh-agent"
 msgstr "Zertifikat/ssh-agent"
 
-#: ../properties/nm-strongswan.c:367
+#: ../properties/nm-strongswan.c:397
 msgid "Smartcard"
 msgstr "Smartcard"
 
@@ -148,8 +148,10 @@ msgid "_Username:"
 msgstr "_Benutzername:"
 
 #: ../properties/nm-strongswan-dialog.ui.h:20
-msgid "The username (identity) to use for authentication against the server."
-msgstr "Benutzername/Identität für die Authentisierung gegenüber dem Server."
+msgid ""
+"The username (EAP identity) to use for authentication against the server."
+msgstr ""
+"Benutzername/EAP-Identität für die Authentisierung gegenüber dem Server."
 
 #: ../properties/nm-strongswan-dialog.ui.h:21
 msgid "_Password:"
@@ -172,14 +174,32 @@ msgid "_Show password"
 msgstr "Passwort _anzeigen"
 
 #: ../properties/nm-strongswan-dialog.ui.h:25
+msgid "I_dentity:"
+msgstr "I_dentität:"
+
+#: ../properties/nm-strongswan-dialog.ui.h:26
+msgid ""
+"Defaults to the username (EAP), the client certificate's subject DN "
+"(certificate/EAP-TLS), or the IP address (PSK). Custom values may be used if "
+"expected/required by the server."
+msgstr ""
+"Standardwert ist der Benutzername (EAP), die Inhaber-Identität des "
+"Zertifikats (Zertifikat/EAP-TLS) oder die IP-Adresse (PSK). Eigene Werte "
+"können verwendet werden, falls der Server diese erwartet/benötigt."
+
+#: ../properties/nm-strongswan-dialog.ui.h:27
+msgid "(Defaults to username, certificate subject or IP address)"
+msgstr "(Standardwert ist der Benutzername, die Zertifikats-ID oder die IP)"
+
+#: ../properties/nm-strongswan-dialog.ui.h:28
 msgid "<b>Options</b>"
 msgstr "<b>Optionen</b>"
 
-#: ../properties/nm-strongswan-dialog.ui.h:26
+#: ../properties/nm-strongswan-dialog.ui.h:29
 msgid "Request an _inner IP address"
 msgstr "_Innere IP-Adresse beziehen"
 
-#: ../properties/nm-strongswan-dialog.ui.h:27
+#: ../properties/nm-strongswan-dialog.ui.h:30
 msgid ""
 "The server may provide addresses from a pool to use for communication in the "
 "VPN. Check to request such an address."
@@ -188,11 +208,11 @@ msgstr ""
 "Kommunikation im dahinterliegenden Netz verwenden kann. Aktivieren, um eine "
 "solche Adresse zu beziehen."
 
-#: ../properties/nm-strongswan-dialog.ui.h:28
+#: ../properties/nm-strongswan-dialog.ui.h:31
 msgid "En_force UDP encapsulation"
 msgstr "Erzwingen einer zusätzlichen Einbettung der Datenpakete in _UDP"
 
-#: ../properties/nm-strongswan-dialog.ui.h:29
+#: ../properties/nm-strongswan-dialog.ui.h:32
 msgid ""
 "Some firewalls block ESP traffic. Enforcing UDP capsulation even if no NAT "
 "situation is detected might help in such cases."
@@ -201,11 +221,11 @@ msgstr ""
 "erzwingen einer zustzlichen Einbettung in UDP, auch wenn kein NAT-Router "
 "detektiert wurde, kann in solchen Situationen hilfreich sein."
 
-#: ../properties/nm-strongswan-dialog.ui.h:30
+#: ../properties/nm-strongswan-dialog.ui.h:33
 msgid "Use IP c_ompression"
 msgstr "IP-Pakete k_omprimieren"
 
-#: ../properties/nm-strongswan-dialog.ui.h:31
+#: ../properties/nm-strongswan-dialog.ui.h:34
 msgid ""
 "IPComp compresses raw IP packets before they get encrypted. This saves some "
 "bandwidth, but uses more processing power."
@@ -213,27 +233,27 @@ msgstr ""
 "IPComp komprimiert IP-Pakete, bevor sie verschlüsselt werden. Diese Option "
 "kann Bandbreite sparen, benötigt jedoch zusätzliche Rechenleistung."
 
-#: ../properties/nm-strongswan-dialog.ui.h:32
+#: ../properties/nm-strongswan-dialog.ui.h:35
 msgid "<b>Cipher proposals</b>"
 msgstr "<b>Algorithmen</b>"
 
-#: ../properties/nm-strongswan-dialog.ui.h:33
+#: ../properties/nm-strongswan-dialog.ui.h:36
 msgid "_Enable custom proposals"
 msgstr "_Eigene Algorithmen verwenden"
 
-#: ../properties/nm-strongswan-dialog.ui.h:34
+#: ../properties/nm-strongswan-dialog.ui.h:37
 msgid "_IKE:"
 msgstr "_IKE:"
 
-#: ../properties/nm-strongswan-dialog.ui.h:35
+#: ../properties/nm-strongswan-dialog.ui.h:38
 msgid "A list of proposals for IKE separated by \";\""
 msgstr "Eine Liste von Proposals für IKE getrennt mit \";\""
 
-#: ../properties/nm-strongswan-dialog.ui.h:36
+#: ../properties/nm-strongswan-dialog.ui.h:39
 msgid "_ESP:"
 msgstr "_ESP:"
 
-#: ../properties/nm-strongswan-dialog.ui.h:37
+#: ../properties/nm-strongswan-dialog.ui.h:40
 msgid "A list of proposals for ESP separated by \";\""
 msgstr "Eine Liste von Proposals für ESP getrennt mit \";\""
 
index 004177b..c9bd266 100644 (file)
               </object>
               <packing>
                 <property name="left_attach">0</property>
-                <property name="top_attach">4</property>
+                <property name="top_attach">5</property>
               </packing>
             </child>
             <child>
               <object class="GtkEntry" id="user-entry">
                 <property name="visible">True</property>
                 <property name="can_focus">True</property>
-                <property name="tooltip_text" translatable="yes">The username (identity) to use for authentication against the server.</property>
+                <property name="tooltip_text" translatable="yes">The username (EAP identity) to use for authentication against the server.</property>
                 <property name="hexpand">True</property>
                 <property name="primary_icon_activatable">False</property>
                 <property name="secondary_icon_activatable">False</property>
               </object>
               <packing>
                 <property name="left_attach">1</property>
-                <property name="top_attach">4</property>
+                <property name="top_attach">5</property>
               </packing>
             </child>
             <child>
               </object>
               <packing>
                 <property name="left_attach">0</property>
-                <property name="top_attach">5</property>
+                <property name="top_attach">6</property>
               </packing>
             </child>
             <child>
               </object>
               <packing>
                 <property name="left_attach">1</property>
-                <property name="top_attach">5</property>
+                <property name="top_attach">6</property>
               </packing>
             </child>
             <child>
               </object>
               <packing>
                 <property name="left_attach">1</property>
-                <property name="top_attach">6</property>
+                <property name="top_attach">7</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkLabel" id="local-identity-label">
+                <property name="visible">True</property>
+                <property name="can_focus">False</property>
+                <property name="label" translatable="yes">I_dentity:</property>
+                <property name="use_underline">True</property>
+                <property name="xalign">0</property>
+              </object>
+              <packing>
+                <property name="left_attach">0</property>
+                <property name="top_attach">4</property>
+              </packing>
+            </child>
+            <child>
+              <object class="GtkEntry" id="local-identity-entry">
+                <property name="visible">True</property>
+                <property name="can_focus">True</property>
+                <property name="tooltip_text" translatable="yes">Defaults to the username (EAP), the client certificate's subject DN (certificate/EAP-TLS), or the IP address (PSK). Custom values may be used if expected/required by the server.</property>
+                <property name="hexpand">True</property>
+                <property name="primary_icon_activatable">False</property>
+                <property name="secondary_icon_activatable">False</property>
+                <property name="placeholder_text" translatable="yes">(Defaults to username, certificate subject or IP address)</property>
+              </object>
+              <packing>
+                <property name="left_attach">1</property>
+                <property name="top_attach">4</property>
               </packing>
             </child>
             <child>
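Review bot: The new `local-identity-label` sets `use_underline` for the `I_dentity:` mnemonic but declares no mnemonic target, so the accelerator may not move focus to the new entry. Adding `<property name="mnemonic_widget">local-identity-entry</property>` to the label object would tie the two together. Whether the other labels in this grid already do this cannot be seen from the visible lines, so check them for consistency.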
index d84f63c..9aeb274 100644 (file)
@@ -146,10 +146,14 @@ check_validity (StrongswanPluginUiWidget *self, GError **error)
        return TRUE;
 }
 
-static void update_user_pass_fields (StrongswanPluginUiWidgetPrivate *priv, gboolean enabled)
+static void update_user_field (StrongswanPluginUiWidgetPrivate *priv, gboolean enabled)
 {
        gtk_widget_set_sensitive (GTK_WIDGET (gtk_builder_get_object (priv->builder, "user-label")), enabled);
        gtk_widget_set_sensitive (GTK_WIDGET (gtk_builder_get_object (priv->builder, "user-entry")), enabled);
+}
+
+static void update_pass_field (StrongswanPluginUiWidgetPrivate *priv, gboolean enabled)
+{
        gtk_widget_set_sensitive (GTK_WIDGET (gtk_builder_get_object (priv->builder, "passwd-show")), enabled);
        gtk_widget_set_sensitive (GTK_WIDGET (gtk_builder_get_object (priv->builder, "passwd-label")), enabled);
        gtk_widget_set_sensitive (GTK_WIDGET (gtk_builder_get_object (priv->builder, "passwd-entry")), enabled);
@@ -193,15 +197,21 @@ static void update_sensitive (StrongswanPluginUiWidgetPrivate *priv)
                        gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0);
                        /* FALL */
                case 0:
-               case 3:
-                       update_user_pass_fields (priv, TRUE);
+                       update_user_field (priv, TRUE);
+                       update_pass_field (priv, TRUE);
                        update_cert_fields (priv, FALSE);
                        break;
                case 1:
                case 2:
-                       update_user_pass_fields (priv, FALSE);
+                       update_user_field (priv, FALSE);
+                       update_pass_field (priv, FALSE);
                        update_cert_fields (priv, TRUE);
                        break;
+               case 3:
+                       update_user_field (priv, FALSE);
+                       update_pass_field (priv, TRUE);
+                       update_cert_fields (priv, FALSE);
+                       break;
        }
 
 }
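Review bot: The new `case 3:` branch in update_sensitive depends on the reader knowing that index 3 is the pre-shared-key entry of the method combo. Nothing at the branch says why the username is disabled while the password stays enabled. A one-line comment above `update_user_field (priv, FALSE);` would record the intent, for example `/* PSK: no username, the identity comes from the local identity field */`. The switch starts outside this hunk, so the numeric cases can only be checked against the combo order from what is visible here.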
@@ -292,6 +302,9 @@ init_plugin_ui (StrongswanPluginUiWidget *self, NMConnection *connection, GError
        const char *value, *method;
 
        settings = NM_SETTING_VPN(nm_connection_get_setting(connection, NM_TYPE_SETTING_VPN));
+
+       method = nm_setting_vpn_get_data_item (settings, "method");
+
        widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "address-entry"));
        value = nm_setting_vpn_get_data_item (settings, "address");
        if (value)
@@ -316,9 +329,19 @@ init_plugin_ui (StrongswanPluginUiWidget *self, NMConnection *connection, GError
                gtk_entry_set_text (GTK_ENTRY (widget), value);
        g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (settings_changed_cb), self);
 
+       widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "local-identity-entry"));
+       value = nm_setting_vpn_get_data_item (settings, "local-identity");
+       /* fallback to the username for old PSK configs */
+       if (!value && method && g_strcmp0 (method, "psk") == 0)
+               value = nm_setting_vpn_get_data_item (settings, "user");
+       if (value)
+               gtk_entry_set_text (GTK_ENTRY (widget), value);
+       g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (settings_changed_cb), self);
+
        widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user-entry"));
        value = nm_setting_vpn_get_data_item (settings, "user");
-       if (value)
+       /* PSK auth now uses local identity, see above */
+       if (value && method && g_strcmp0 (method, "psk") != 0)
                gtk_entry_set_text (GTK_ENTRY (widget), value);
        g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (settings_changed_cb), self);
 
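Review bot: The rewritten guard on the user entry, `if (value && method && g_strcmp0 (method, "psk") != 0)`, now also drops a stored username when the connection has no "method" item at all. The old `if (value)` did not do that, and a profile without a method appears to fall through to the EAP case in update_sensitive. g_strcmp0 is NULL-safe, so `if (value && g_strcmp0 (method, "psk") != 0)` keeps the PSK exclusion and still fills the field for such profiles. The `method &&` in the fallback condition a few lines above is redundant for the same reason. init_plugin_ui starts and ends outside this hunk.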
@@ -336,22 +359,21 @@ init_plugin_ui (StrongswanPluginUiWidget *self, NMConnection *connection, GError
        gtk_combo_box_text_append_text (GTK_COMBO_BOX_TEXT (widget), _("Certificate"));
        gtk_combo_box_text_append_text (GTK_COMBO_BOX_TEXT (widget), _("EAP-TLS"));
        gtk_combo_box_text_append_text (GTK_COMBO_BOX_TEXT (widget), _("Pre-shared key"));
-       method = value = nm_setting_vpn_get_data_item (settings, "method");
-       if (value) {
-               if (g_strcmp0 (value, "eap") == 0) {
+       if (method) {
+               if (g_strcmp0 (method, "eap") == 0) {
                        gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0);
                }
-               if (g_strcmp0 (value, "cert") == 0 ||
-                       g_strcmp0 (value, "key") == 0 ||
-                       g_strcmp0 (value, "agent") == 0 ||
-                       g_strcmp0 (value, "smartcard") == 0)
+               if (g_strcmp0 (method, "cert") == 0 ||
+                       g_strcmp0 (method, "key") == 0 ||
+                       g_strcmp0 (method, "agent") == 0 ||
+                       g_strcmp0 (method, "smartcard") == 0)
                {
                        gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 1);
                }
-               if (g_strcmp0 (value, "eap-tls") == 0) {
+               if (g_strcmp0 (method, "eap-tls") == 0) {
                        gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 2);
                }
-               if (g_strcmp0 (value, "psk") == 0) {
+               if (g_strcmp0 (method, "psk") == 0) {
                        gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 3);
                }
        }
@@ -583,6 +605,7 @@ update_connection (NMVpnEditor *iface,
        save_file_chooser (settings, priv->builder, "certificate-button", "certificate");
        save_entry (settings, priv->builder, "remote-identity-entry", "remote-identity");
        save_entry (settings, priv->builder, "server-port-entry", "server-port");
+       save_entry (settings, priv->builder, "local-identity-entry", "local-identity");
 
        widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "method-combo"));
        switch (gtk_combo_box_get_active (GTK_COMBO_BOX (widget)))
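Review bot: The added `save_entry (..., "local-identity-entry", "local-identity")` only writes the migrated PSK identity once a profile is opened and saved in this editor. A legacy PSK profile that is never re-saved still has its identity under "user" only, so whatever consumes these settings needs the same fallback. Otherwise it would presumably authenticate with the default IP-address identity. That consumer is not part of the visible change, so please confirm it. The method switch that follows continues outside this hunk, so it is also not visible whether the old "user" item is removed for PSK or is left stored next to "local-identity".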