Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1157817
Summary: | [RFE] Allow importing inline OpenVPN certificates (e.g. frootvpn.com) | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Mikhail <mikhail.v.gavrilov> | ||||||
Component: | NetworkManager | Assignee: | Lubomir Rintel <lkundrak> | ||||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | unspecified | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | 23 | CC: | bgalvani, cmptuomp3, dcbw, lrintel, psimerda, rkhan, ward | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | NetworkManager-1.0.10-2.fc23 NetworkManager-1.0.10-2.fc22 | Doc Type: | Bug Fix | ||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2016-01-08 20:54:29 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
Mikhail
2014-10-27 18:29:18 UTC
Created attachment 951112 [details]
frootvpn.ovpn
I see the exact same problem. This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component. *** Bug 1267252 has been marked as a duplicate of this bug. *** Implemented and pushed to upstream branch jk/rh1157817-import-inline-certs Looks fine in general. I'm wondering why you're treating EEXIST specially? What if ~/.cert exists and is not a directory? + /* If the dir doesn't exist, create it */ + if (!g_file_test (dirname, G_FILE_TEST_IS_DIR)) { + if (mkdir (dirname, 0755) < 0) { + if (errno != EEXIST) + goto finish; + } + } Also, could you drop the start_tag and end_tag arguments? They're probably inferrable from key in the same way as you infer blob_mark_start and blob_mark_end. +static gboolean +handle_blob_item (const char **line, + const char *start_tag, + const char *end_tag, + const char *key, + NMSettingVPN *s_vpn, + const char *name, + GError **error) Can you also look into this: https://bugzilla.redhat.com/show_bug.cgi?id=1074830 needed always place certificates in ~/.cert directory even when they stored separately. + while (*p && strcmp (*p, blob_mark_end)) { + g_string_append (in_file, *p); + g_string_append_c (in_file, '\n'); + p++; + } + p++; + if (strncmp (*p, end_tag, strlen (end_tag))) If the file doesn't contain the end tag, *p becomes NULL then p is incremented and dereferenced again. I think this is wrong. + if (handle_blob_item ((const char **)line, CA_BLOB_START_TAG, CA_BLOB_END_TAG, + NM_OPENVPN_KEY_CA, s_vpn, basename, NULL)) + continue; Shouldn't we pass &line, so that the function can move the pointer forward and the blob lines are not evaluated again? (In reply to Lubomir Rintel from comment #6) > Looks fine in general. > > I'm wondering why you're treating EEXIST specially? What if ~/.cert exists > and is not a directory? > > + /* If the dir doesn't exist, create it */ > + if (!g_file_test (dirname, G_FILE_TEST_IS_DIR)) { > + if (mkdir (dirname, 0755) < 0) { > + if (errno != EEXIST) > + goto finish; > + } > + } > You are right. Fixed that. > Also, could you drop the start_tag and end_tag arguments? They're probably > inferrable from key in the same way as you infer blob_mark_start and > blob_mark_end. > > +static gboolean > +handle_blob_item (const char **line, > + const char *start_tag, > + const char *end_tag, > + const char *key, > + NMSettingVPN *s_vpn, > + const char *name, > + GError **error) Done. (In reply to Beniamino Galvani from comment #8) > + while (*p && strcmp (*p, blob_mark_end)) { > + g_string_append (in_file, *p); > + g_string_append_c (in_file, '\n'); > + p++; > + } > + p++; > + if (strncmp (*p, end_tag, strlen (end_tag))) > > If the file doesn't contain the end tag, *p becomes NULL then p is > incremented and dereferenced again. I think this is wrong. > Fixed. > + if (handle_blob_item ((const char **)line, > CA_BLOB_START_TAG, CA_BLOB_END_TAG, > + NM_OPENVPN_KEY_CA, s_vpn, basename, > NULL)) > + continue; > > Shouldn't we pass &line, so that the function can move the pointer > forward and the blob lines are not evaluated again? Done. Fine with me now. Committed upstream: master: 4a9d93a import: allow importing configurations with inline certificates (rh #1157817) nm-1-0: dcf7f4d import: allow importing configurations with inline certificates (rh #1157817) This message is a reminder that Fedora 21 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 21. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '21'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 21 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. NetworkManager-vpnc-1.0.8-1.fc23 NetworkManager-openconnect-1.0.8-1.fc23 NetworkManager-openvpn-1.0.8-1.fc23 NetworkManager-openswan-1.0.8-1.fc23 NetworkManager-fortisslvpn-1.0.8-1.fc23 NetworkManager-1.0.8-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-2ae867c402 NetworkManager-vpnc-1.0.8-1.fc22 NetworkManager-openconnect-1.0.8-1.fc22 NetworkManager-openvpn-1.0.8-1.fc22 NetworkManager-openswan-1.0.8-1.fc22 NetworkManager-fortisslvpn-1.0.8-1.fc22 NetworkManager-1.0.8-1.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-efc06edc85 NetworkManager-1.0.8-1.fc23, NetworkManager-fortisslvpn-1.0.8-1.fc23, NetworkManager-openconnect-1.0.8-1.fc23, NetworkManager-openswan-1.0.8-1.fc23, NetworkManager-openvpn-1.0.8-1.fc23, NetworkManager-vpnc-1.0.8-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update NetworkManager NetworkManager-fortisslvpn NetworkManager-openswan NetworkManager-openvpn NetworkManager-openconnect NetworkManager-vpnc' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-2ae867c402 NetworkManager-1.0.8-1.fc22, NetworkManager-fortisslvpn-1.0.8-1.fc22, NetworkManager-openconnect-1.0.8-1.fc22, NetworkManager-openswan-1.0.8-1.fc22, NetworkManager-openvpn-1.0.8-1.fc22, NetworkManager-vpnc-1.0.8-1.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update NetworkManager NetworkManager-fortisslvpn NetworkManager-openswan NetworkManager-openvpn NetworkManager-openconnect NetworkManager-vpnc' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-efc06edc85 NetworkManager-1.0.10-1.fc23 NetworkManager-fortisslvpn-1.0.8-1.fc23 NetworkManager-openconnect-1.0.8-1.fc23 NetworkManager-openswan-1.0.8-1.fc23 NetworkManager-openvpn-1.0.8-1.fc23 NetworkManager-vpnc-1.0.8-1.fc23 network-manager-applet-1.0.10-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-2ae867c402 NetworkManager-fortisslvpn-1.0.8-1.fc22 NetworkManager-openconnect-1.0.8-1.fc22 NetworkManager-openswan-1.0.8-1.fc22 NetworkManager-openvpn-1.0.8-1.fc22 NetworkManager-vpnc-1.0.8-1.fc22 network-manager-applet-1.0.10-1.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-efc06edc85 NetworkManager-1.0.10-1.fc23, NetworkManager-fortisslvpn-1.0.8-1.fc23, NetworkManager-openconnect-1.0.8-1.fc23, NetworkManager-openswan-1.0.8-1.fc23, NetworkManager-openvpn-1.0.8-1.fc23, NetworkManager-vpnc-1.0.8-1.fc23, network-manager-applet-1.0.10-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-2ae867c402 NetworkManager-1.0.10-1.fc22, NetworkManager-fortisslvpn-1.0.8-1.fc22, NetworkManager-openconnect-1.0.8-1.fc22, NetworkManager-openswan-1.0.8-1.fc22, NetworkManager-openvpn-1.0.8-1.fc22, NetworkManager-vpnc-1.0.8-1.fc22, network-manager-applet-1.0.10-1.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-efc06edc85 NetworkManager-1.0.10-2.fc23 NetworkManager-fortisslvpn-1.0.8-1.fc23 NetworkManager-openconnect-1.0.8-1.fc23 NetworkManager-openswan-1.0.8-1.fc23 NetworkManager-openvpn-1.0.8-1.fc23 NetworkManager-vpnc-1.0.8-1.fc23 network-manager-applet-1.0.10-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-2ae867c402 NetworkManager-1.0.10-2.fc22 NetworkManager-fortisslvpn-1.0.8-1.fc22 NetworkManager-openconnect-1.0.8-1.fc22 NetworkManager-openswan-1.0.8-1.fc22 NetworkManager-openvpn-1.0.8-1.fc22 NetworkManager-vpnc-1.0.8-1.fc22 network-manager-applet-1.0.10-1.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-efc06edc85 NetworkManager-1.0.10-2.fc22, NetworkManager-fortisslvpn-1.0.8-1.fc22, NetworkManager-openconnect-1.0.8-1.fc22, NetworkManager-openswan-1.0.8-1.fc22, NetworkManager-openvpn-1.0.8-1.fc22, NetworkManager-vpnc-1.0.8-1.fc22, network-manager-applet-1.0.10-1.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-efc06edc85 NetworkManager-1.0.10-2.fc23, NetworkManager-fortisslvpn-1.0.8-1.fc23, NetworkManager-openconnect-1.0.8-1.fc23, NetworkManager-openswan-1.0.8-1.fc23, NetworkManager-openvpn-1.0.8-1.fc23, NetworkManager-vpnc-1.0.8-1.fc23, network-manager-applet-1.0.10-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-2ae867c402 NetworkManager-1.0.10-2.fc23, NetworkManager-fortisslvpn-1.0.8-1.fc23, NetworkManager-openconnect-1.0.8-1.fc23, NetworkManager-openswan-1.0.8-1.fc23, NetworkManager-openvpn-1.0.8-1.fc23, NetworkManager-vpnc-1.0.8-1.fc23, network-manager-applet-1.0.10-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. NetworkManager-1.0.10-2.fc22, NetworkManager-fortisslvpn-1.0.8-1.fc22, NetworkManager-openconnect-1.0.8-1.fc22, NetworkManager-openswan-1.0.8-1.fc22, NetworkManager-openvpn-1.0.8-1.fc22, NetworkManager-vpnc-1.0.8-1.fc22, network-manager-applet-1.0.10-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. |