/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
/*
 * Dan Williams <dcbw@redhat.com>
 * Tambet Ingo <tambet@gmail.com>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the
 * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 * Boston, MA 02110-1301 USA.
 *
 * (C) Copyright 2007 - 2011 Red Hat, Inc.
 * (C) Copyright 2007 - 2008 Novell, Inc.
 */

#include <string.h>
#include <errno.h>
#include <stdlib.h>
#include <dbus/dbus-glib.h>
#include "nm-setting-vpn.h"
#include "nm-param-spec-specialized.h"
#include "nm-utils.h"
#include "nm-dbus-glib-types.h"
#include "nm-setting-private.h"

/**
 * SECTION:nm-setting-vpn
 * @short_description: Describes connection properties for Virtual Private Networks
 * @include: nm-setting-vpn.h
 *
 * The #NMSettingVPN object is a #NMSetting subclass that describes properties
 * necessary for connection to Virtual Private Networks.  NetworkManager uses
 * a plugin architecture to allow easier use of new VPN types, and this
 * setting abstracts the configuration for those plugins.  Since the configuration
 * options are only known to the VPN plugins themselves, the VPN configuration
 * options are stored as key/value pairs of strings rather than GObject
 * properties.
 **/

/**
 * nm_setting_vpn_error_quark:
 *
 * Looks up the #GQuark that identifies the #NMSettingVPN error domain,
 * registering it the first time it is requested.
 *
 * Returns: the error quark used for #NMSettingVPN errors.
 **/
GQuark
nm_setting_vpn_error_quark (void)
{
	/* Static storage starts out as 0, which means "not registered yet". */
	static GQuark domain;

	if (G_LIKELY (domain))
		return domain;

	domain = g_quark_from_static_string ("nm-setting-vpn-error-quark");
	return domain;
}

/* This should really be standard. */
#define ENUM_ENTRY(NAME, DESC) { NAME, "" #NAME "", DESC }

/*
 * nm_setting_vpn_error_get_type:
 *
 * Registers the NMSettingVpnError enumeration with the GType system on the
 * first call and hands back the cached type id on every later call.
 *
 * Returns: the GType of the NMSettingVpnError enumeration.
 */
GType
nm_setting_vpn_error_get_type (void)
{
	/* The table is handed to g_enum_register_static (), so it must have
	 * static storage; the all-zero entry terminates it.
	 */
	static const GEnumValue error_values[] = {
		/* Unknown error. */
		ENUM_ENTRY (NM_SETTING_VPN_ERROR_UNKNOWN, "UnknownError"),
		/* The specified property was invalid. */
		ENUM_ENTRY (NM_SETTING_VPN_ERROR_INVALID_PROPERTY, "InvalidProperty"),
		/* The specified property was missing and is required. */
		ENUM_ENTRY (NM_SETTING_VPN_ERROR_MISSING_PROPERTY, "MissingProperty"),
		{ 0, 0, 0 }
	};
	static GType registered = 0;

	if (registered != 0)
		return registered;

	registered = g_enum_register_static ("NMSettingVpnError", error_values);
	return registered;
}


/* Registers NMSettingVPN as a GObject type derived from NM_TYPE_SETTING.
 * The macro ties the type to nm_setting_vpn_init () and
 * nm_setting_vpn_class_init () and provides nm_setting_vpn_parent_class,
 * all of which are used further down in this file.
 */
G_DEFINE_TYPE (NMSettingVPN, nm_setting_vpn, NM_TYPE_SETTING)

/* Returns the NMSettingVPNPrivate instance data attached to @o. */
#define NM_SETTING_VPN_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), NM_TYPE_SETTING_VPN, NMSettingVPNPrivate))

/* Private per-instance state of an NMSettingVPN. */
typedef struct {
	/* Backs the NMSettingVPN:service-type property.  Replaced in
	 * set_property () and released with g_free () in finalize ().
	 */
	char *service_type;

	/* username of the user requesting this connection, thus
	 * it's really only valid for user connections, and it also
	 * should never be saved out to persistent config.
	 * NOTE(review): the property is installed with
	 * NM_SETTING_PARAM_SERIALIZE in nm_setting_vpn_class_init (), so
	 * keeping it out of persistent config is up to the callers.
	 */
	char *user_name;

	/* The hash table is created at setting object
	 * init time and should not be replaced.  It is
	 * a char * -> char * mapping, and both the key
	 * and value are owned by the hash table, and should
	 * be allocated with functions whose value can be
	 * freed with g_free().  Should not contain secrets:
	 * values here are released with plain g_free () and
	 * are not zeroed first.  The per-secret "<name>-flags"
	 * entries written by set_secret_flags () live here too.
	 */
	GHashTable *data;

	/* The hash table is created at setting object
	 * init time and should not be replaced.  It is
	 * a char * -> char * mapping, and both the key
	 * and value are owned by the hash table, and should
	 * be allocated with functions whose value can be
	 * freed with g_free().  Should contain secrets only.
	 * nm_setting_vpn_init () installs destroy_one_secret ()
	 * as the value destructor, so a value is zeroed before
	 * it is freed; keys are freed with plain g_free ().
	 */
	GHashTable *secrets;
} NMSettingVPNPrivate;

/* GObject property ids for NMSettingVPN.  Id 0 is not a valid property id,
 * so PROP_0 is only a placeholder and real properties start at 1.
 */
enum {
	PROP_0 = 0,
	PROP_SERVICE_TYPE,   /* NMSettingVPN:service-type */
	PROP_USER_NAME,      /* NMSettingVPN:user-name */
	PROP_DATA,           /* NMSettingVPN:data */
	PROP_SECRETS,        /* NMSettingVPN:secrets */

	LAST_PROP            /* one past the last property id */
};

/**
 * nm_setting_vpn_new:
 *
 * Instantiates an #NMSettingVPN with every property at its default value.
 *
 * Returns: (transfer full): the new empty #NMSettingVPN object
 **/
NMSetting *
nm_setting_vpn_new (void)
{
	gpointer instance = g_object_new (NM_TYPE_SETTING_VPN, NULL);

	return (NMSetting *) instance;
}

/**
 * nm_setting_vpn_get_service_type:
 * @setting: the #NMSettingVPN
 *
 * Returns the service name of the VPN, which identifies the specific VPN
 * plugin that should be used to connect to this VPN.  The string belongs to
 * @setting and must not be freed or modified by the caller.
 *
 * Returns: the VPN plugin's service name
 **/
const char *
nm_setting_vpn_get_service_type (NMSettingVPN *setting)
{
	NMSettingVPNPrivate *priv;

	g_return_val_if_fail (NM_IS_SETTING_VPN (setting), NULL);

	priv = NM_SETTING_VPN_GET_PRIVATE (setting);
	return priv->service_type;
}

/**
 * nm_setting_vpn_get_user_name:
 * @setting: the #NMSettingVPN
 *
 * The returned string belongs to @setting and must not be freed or modified
 * by the caller.
 *
 * Returns: the #NMSettingVPN:user-name property of the setting
 **/
const char *
nm_setting_vpn_get_user_name (NMSettingVPN *setting)
{
	NMSettingVPNPrivate *priv;

	g_return_val_if_fail (NM_IS_SETTING_VPN (setting), NULL);

	priv = NM_SETTING_VPN_GET_PRIVATE (setting);
	return priv->user_name;
}

/**
 * nm_setting_vpn_add_data_item:
 * @setting: the #NMSettingVPN
 * @key: a name that uniquely identifies the given value @item
 * @item: the value to be referenced by @key
 *
 * Stores a private copy of @item under a private copy of @key; an existing
 * entry with the same key is replaced.  Both strings must be non-empty.
 * Passwords and other secrets do not belong here: entries of this table are
 * not zeroed when they are released, which is what
 * nm_setting_vpn_add_secret() is for.
 **/
void
nm_setting_vpn_add_data_item (NMSettingVPN *setting,
                              const char *key,
                              const char *item)
{
	GHashTable *table;
	char *key_copy;
	char *item_copy;

	g_return_if_fail (NM_IS_SETTING_VPN (setting));
	g_return_if_fail (key != NULL);
	g_return_if_fail (strlen (key) > 0);
	g_return_if_fail (item != NULL);
	g_return_if_fail (strlen (item) > 0);

	/* The table owns both strings, so it gets its own duplicates. */
	table = NM_SETTING_VPN_GET_PRIVATE (setting)->data;
	key_copy = g_strdup (key);
	item_copy = g_strdup (item);
	g_hash_table_insert (table, key_copy, item_copy);
}

/**
 * nm_setting_vpn_get_data_item:
 * @setting: the #NMSettingVPN
 * @key: the name of the data item to retrieve
 *
 * Looks up the value stored for @key by nm_setting_vpn_add_data_item().
 * The returned string is owned by @setting.  @key is passed to the hash
 * table unchecked, so it must not be %NULL.
 *
 * Returns: the data item, if any
 **/
const char *
nm_setting_vpn_get_data_item (NMSettingVPN *setting, const char *key)
{
	GHashTable *table;

	g_return_val_if_fail (NM_IS_SETTING_VPN (setting), NULL);

	table = NM_SETTING_VPN_GET_PRIVATE (setting)->data;
	return (const char *) g_hash_table_lookup (table, key);
}

/**
 * nm_setting_vpn_remove_data_item:
 * @setting: the #NMSettingVPN
 * @key: the name of the data item to remove
 *
 * Drops the entry stored for @key by nm_setting_vpn_add_data_item(), if
 * there is one.  @key is passed to the hash table unchecked, so it must not
 * be %NULL.
 **/
void
nm_setting_vpn_remove_data_item (NMSettingVPN *setting, const char *key)
{
	GHashTable *table;

	g_return_if_fail (NM_IS_SETTING_VPN (setting));

	table = NM_SETTING_VPN_GET_PRIVATE (setting)->data;
	g_hash_table_remove (table, key);
}

/*
 * foreach_item_helper:
 * @hash: table of char * -> char * entries to walk
 * @func: callback invoked once per key captured at the start of the walk
 * @user_data: opaque pointer handed through to @func
 *
 * Calls @func for every key that was in @hash when the walk started.  The
 * keys are duplicated up front so that @func may add, remove or replace
 * entries while the walk is in progress.  Only keys are duplicated: the
 * value passed to @func is looked up at call time and is the table's own
 * string.  A key that @func removed earlier in the walk is still visited,
 * with a NULL value.  @func itself is not checked for NULL.
 */
static void
foreach_item_helper (GHashTable *hash,
                     NMVPNIterFunc func,
                     gpointer user_data)
{
	GSList *snapshot = NULL;
	GSList *node;
	GList *keys;
	GList *k;

	g_return_if_fail (hash != NULL);

	/* Take a private copy of the key set, preserving its order. */
	keys = g_hash_table_get_keys (hash);
	for (k = keys; k != NULL; k = k->next)
		snapshot = g_slist_prepend (snapshot, g_strdup (k->data));
	g_list_free (keys);
	snapshot = g_slist_reverse (snapshot);

	for (node = snapshot; node != NULL; node = node->next)
		func (node->data, g_hash_table_lookup (hash, node->data), user_data);

	/* Release the duplicated keys, then the list cells. */
	g_slist_foreach (snapshot, (GFunc) g_free, NULL);
	g_slist_free (snapshot);
}

/**
 * nm_setting_vpn_foreach_data_item:
 * @setting: a #NMSettingVPN
 * @func: (scope call): a user-provided function
 * @user_data: data to be passed to @func
 *
 * Iterates all data items stored in this setting.  It is safe to add, remove,
 * and modify data items inside @func, though any additions or removals made
 * during iteration will not be part of the iteration.
 */
void
nm_setting_vpn_foreach_data_item (NMSettingVPN *setting,
                                  NMVPNIterFunc func,
                                  gpointer user_data)
{
	GHashTable *table;

	g_return_if_fail (setting != NULL);
	g_return_if_fail (NM_IS_SETTING_VPN (setting));

	table = NM_SETTING_VPN_GET_PRIVATE (setting)->data;
	foreach_item_helper (table, func, user_data);
}

/**
 * nm_setting_vpn_add_secret:
 * @setting: the #NMSettingVPN
 * @key: a name that uniquely identifies the given secret @secret
 * @secret: the secret to be referenced by @key
 *
 * Stores a private copy of @secret under a private copy of @key; an existing
 * entry with the same key is replaced.  Both strings must be non-empty.
 * The setting only manages its own copy: the caller's @secret buffer is left
 * untouched and remains the caller's responsibility.
 **/
void
nm_setting_vpn_add_secret (NMSettingVPN *setting,
                           const char *key,
                           const char *secret)
{
	GHashTable *table;
	char *key_copy;
	char *secret_copy;

	g_return_if_fail (NM_IS_SETTING_VPN (setting));
	g_return_if_fail (key != NULL);
	g_return_if_fail (strlen (key) > 0);
	g_return_if_fail (secret != NULL);
	g_return_if_fail (strlen (secret) > 0);

	/* The table owns both strings, so it gets its own duplicates. */
	table = NM_SETTING_VPN_GET_PRIVATE (setting)->secrets;
	key_copy = g_strdup (key);
	secret_copy = g_strdup (secret);
	g_hash_table_insert (table, key_copy, secret_copy);
}

/**
 * nm_setting_vpn_get_secret:
 * @setting: the #NMSettingVPN
 * @key: the name of the secret to retrieve
 *
 * Looks up the secret stored for @key by nm_setting_vpn_add_secret().  The
 * returned pointer is the setting's own string, not a copy: it must not be
 * freed, and it stops being valid once the entry is removed or replaced.
 * @key is passed to the hash table unchecked, so it must not be %NULL.
 *
 * Returns: the secret, if any
 **/
const char *
nm_setting_vpn_get_secret (NMSettingVPN *setting, const char *key)
{
	GHashTable *table;

	g_return_val_if_fail (NM_IS_SETTING_VPN (setting), NULL);

	table = NM_SETTING_VPN_GET_PRIVATE (setting)->secrets;
	return (const char *) g_hash_table_lookup (table, key);
}

/**
 * nm_setting_vpn_remove_secret:
 * @setting: the #NMSettingVPN
 * @key: the name of the secret to remove
 *
 * Drops the entry stored for @key by nm_setting_vpn_add_secret(), if there
 * is one.  @key is passed to the hash table unchecked, so it must not be
 * %NULL.
 **/
void
nm_setting_vpn_remove_secret (NMSettingVPN *setting, const char *key)
{
	GHashTable *table;

	g_return_if_fail (NM_IS_SETTING_VPN (setting));

	table = NM_SETTING_VPN_GET_PRIVATE (setting)->secrets;
	g_hash_table_remove (table, key);
}

/**
 * nm_setting_vpn_foreach_secret:
 * @setting: a #NMSettingVPN
 * @func: (scope call): a user-provided function
 * @user_data: data to be passed to @func
 *
 * Iterates all secrets stored in this setting.  It is safe to add, remove,
 * and modify secrets inside @func, though any additions or removals made during
 * iteration will not be part of the iteration.  @func receives the setting's
 * own secret strings rather than copies.
 */
void
nm_setting_vpn_foreach_secret (NMSettingVPN *setting,
                               NMVPNIterFunc func,
                               gpointer user_data)
{
	GHashTable *table;

	g_return_if_fail (setting != NULL);
	g_return_if_fail (NM_IS_SETTING_VPN (setting));

	table = NM_SETTING_VPN_GET_PRIVATE (setting)->secrets;
	foreach_item_helper (table, func, user_data);
}

/*
 * verify:
 * @setting: the NMSettingVPN to check
 * @all_settings: not used by this implementation
 * @error: location for a GError in the NM_SETTING_VPN_ERROR domain
 *
 * NMSetting::verify implementation.  The service type must be present and
 * non-empty; the user name may be absent but must not be an empty string.
 * The contents of the data and secrets tables are not inspected here.
 *
 * Returns: TRUE when the setting passes, FALSE with @error set otherwise.
 */
static gboolean
verify (NMSetting *setting, GSList *all_settings, GError **error)
{
	NMSettingVPNPrivate *priv = NM_SETTING_VPN_GET_PRIVATE (setting);
	const char *service = priv->service_type;
	const char *user = priv->user_name;

	if (service == NULL) {
		g_set_error (error,
		             NM_SETTING_VPN_ERROR,
		             NM_SETTING_VPN_ERROR_MISSING_PROPERTY,
		             NM_SETTING_VPN_SERVICE_TYPE);
		return FALSE;
	}

	if (service[0] == '\0') {
		g_set_error (error,
		             NM_SETTING_VPN_ERROR,
		             NM_SETTING_VPN_ERROR_INVALID_PROPERTY,
		             NM_SETTING_VPN_SERVICE_TYPE);
		return FALSE;
	}

	/* default username can be NULL, but can't be zero-length */
	if (user != NULL && user[0] == '\0') {
		g_set_error (error,
		             NM_SETTING_VPN_ERROR,
		             NM_SETTING_VPN_ERROR_INVALID_PROPERTY,
		             NM_SETTING_VPN_USER_NAME);
		return FALSE;
	}

	return TRUE;
}

/*
 * update_secret_string:
 * @setting: the NMSettingVPN whose secrets table is updated
 * @key: name of the secret
 * @value: the secret itself; must be a non-empty string
 * @error: location for a GError
 *
 * Stores a duplicate of @value under a duplicate of @key in the secrets
 * table, replacing any previous entry.  The error message names the key
 * only, never the secret value.
 *
 * Returns: TRUE on success, FALSE with @error set when @value is empty.
 */
static gboolean
update_secret_string (NMSetting *setting,
                      const char *key,
                      const char *value,
                      GError **error)
{
	NMSettingVPNPrivate *priv = NM_SETTING_VPN_GET_PRIVATE (setting);

	g_return_val_if_fail (key != NULL, FALSE);
	g_return_val_if_fail (value != NULL, FALSE);

	/* The NULL test is repeated so the check still holds in builds where
	 * the g_return_val_if_fail () guards are compiled out.
	 */
	if (value != NULL && value[0] != '\0') {
		g_hash_table_insert (priv->secrets, g_strdup (key), g_strdup (value));
		return TRUE;
	}

	g_set_error (error, NM_SETTING_ERROR,
	             NM_SETTING_ERROR_PROPERTY_TYPE_MISMATCH,
	             "Secret %s was empty", key);
	return FALSE;
}

/*
 * update_secret_hash:
 * @setting: the NMSettingVPN whose secrets table is updated
 * @secrets: table of char * -> char * entries to merge in
 * @error: location for a GError
 *
 * Merges every entry of @secrets into the setting's secrets table.  All
 * entries are validated before the first one is inserted, so a rejected
 * table leaves the setting unchanged.  Entries are duplicated; @secrets
 * itself is not modified.  Error messages name the key only, never the
 * secret value.
 *
 * Returns: TRUE on success, FALSE with @error set when a name or a value
 * is NULL or empty.
 */
static gboolean
update_secret_hash (NMSetting *setting,
                    GHashTable *secrets,
                    GError **error)
{
	NMSettingVPNPrivate *priv = NM_SETTING_VPN_GET_PRIVATE (setting);
	GHashTableIter iter;
	const char *name, *value;

	g_return_val_if_fail (secrets != NULL, FALSE);

	/* Pass 1: reject the whole table if any entry is malformed. */
	g_hash_table_iter_init (&iter, secrets);
	while (g_hash_table_iter_next (&iter, (gpointer *) &name, (gpointer *) &value)) {
		gboolean name_ok = (name != NULL) && (name[0] != '\0');
		gboolean value_ok = (value != NULL) && (value[0] != '\0');

		if (!name_ok) {
			g_set_error_literal (error, NM_SETTING_ERROR,
			                     NM_SETTING_ERROR_PROPERTY_TYPE_MISMATCH,
			                     "Secret name was empty");
			return FALSE;
		}

		if (!value_ok) {
			g_set_error (error, NM_SETTING_ERROR,
			             NM_SETTING_ERROR_PROPERTY_TYPE_MISMATCH,
			             "Secret %s value was empty", name);
			return FALSE;
		}
	}

	/* Pass 2: copy the entries over.  The value checks repeat what pass 1
	 * already established and only warn if they ever trip.
	 */
	g_hash_table_iter_init (&iter, secrets);
	while (g_hash_table_iter_next (&iter, (gpointer *) &name, (gpointer *) &value)) {
		if (value == NULL) {
			g_warn_if_fail (value != NULL);
		} else if (strlen (value) == 0) {
			g_warn_if_fail (strlen (value) > 0);
		} else {
			g_hash_table_insert (priv->secrets, g_strdup (name), g_strdup (value));
		}
	}

	return TRUE;
}

/*
 * update_one_secret:
 * @setting: the NMSettingVPN to update
 * @key: property name, or secret name for the legacy string form
 * @value: either a string or a DBUS_TYPE_G_MAP_OF_STRING table
 * @error: location for a GError
 *
 * NMSetting::update_one_secret implementation.  A string @value is stored
 * as a single secret named @key.  A string map is accepted only when @key
 * is NM_SETTING_VPN_SECRETS and is merged by update_secret_hash ().  Any
 * other value type is rejected.
 *
 * Returns: TRUE when the secret(s) were stored, FALSE with @error set
 * otherwise.
 */
static gboolean
update_one_secret (NMSetting *setting, const char *key, GValue *value, GError **error)
{
	g_return_val_if_fail (key != NULL, FALSE);
	g_return_val_if_fail (value != NULL, FALSE);

	if (G_VALUE_HOLDS_STRING (value)) {
		/* Passing the string properties individually isn't correct, and won't
		 * produce the correct result, but for some reason that's how it used
		 * to be done.  So even though it's not correct, keep the code around
		 * for compatibility's sake.
		 */
		return update_secret_string (setting, key, g_value_get_string (value), error);
	}

	if (!G_VALUE_HOLDS (value, DBUS_TYPE_G_MAP_OF_STRING)) {
		g_set_error_literal (error, NM_SETTING_ERROR, NM_SETTING_ERROR_PROPERTY_TYPE_MISMATCH, key);
		return FALSE;
	}

	/* A string map is only meaningful for the 'secrets' property. */
	if (strcmp (key, NM_SETTING_VPN_SECRETS) != 0) {
		g_set_error (error, NM_SETTING_ERROR, NM_SETTING_ERROR_PROPERTY_NOT_SECRET,
		             "Property %s not a secret property", key);
		return FALSE;
	}

	return update_secret_hash (setting, g_value_get_boxed (value), error);
}

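/*
 * get_secret_flags:
 * @setting: the NMSettingVPN to query
 * @secret_name: name of the secret whose flags are wanted
 * @verify_secret: not used by this implementation
 * @out_flags: (allow-none): where to store the flags on success
 * @error: location for a GError
 *
 * NMSetting::get_secret_flags implementation.  The flags of a VPN secret are
 * kept in the non-secret data table under the key "<secret_name>-flags" as a
 * base-10 number.  The stored text must be a complete number no larger than
 * NM_SETTING_SECRET_FLAGS_ALL: empty or non-numeric text and trailing
 * characters other than whitespace are reported as a conversion failure
 * instead of being read as 0 or as the leading digits.
 *
 * Returns: TRUE with *@out_flags set when the flags were found and valid,
 * FALSE with @error set otherwise (@out_flags is then left untouched).
 */
static gboolean
get_secret_flags (NMSetting *setting,
                  const char *secret_name,
                  gboolean verify_secret,
                  NMSettingSecretFlags *out_flags,
                  GError **error)
{
	NMSettingVPNPrivate *priv = NM_SETTING_VPN_GET_PRIVATE (setting);
	gboolean success = FALSE;
	char *flags_key;
	gpointer val;

	flags_key = g_strdup_printf ("%s-flags", secret_name);
	if (g_hash_table_lookup_extended (priv->data, flags_key, NULL, &val)) {
		const char *text = (const char *) val;
		char *end = NULL;
		unsigned long tmp = 0;
		gboolean parsed = FALSE;

		if (text != NULL) {
			errno = 0;
			tmp = strtoul (text, &end, 10);
			/* strtoul () returns 0 without consuming anything for
			 * text such as "" or "abc"; end == text detects that.
			 */
			if (errno == 0 && end != text) {
				while (g_ascii_isspace (*end))
					end++;
				parsed = (*end == '\0');
			}
		}

		if (parsed && (tmp <= NM_SETTING_SECRET_FLAGS_ALL)) {
			if (out_flags)
				*out_flags = (guint32) tmp;
			success = TRUE;
		} else {
			g_set_error (error,
			             NM_SETTING_ERROR,
			             NM_SETTING_ERROR_PROPERTY_TYPE_MISMATCH,
			             "Failed to convert '%s' value '%s' to uint",
			             flags_key, text ? text : "(null)");
		}
	} else {
		g_set_error (error,
		             NM_SETTING_ERROR,
		             NM_SETTING_ERROR_PROPERTY_NOT_FOUND,
		             "Secret flags property '%s' not found", flags_key);
	}
	g_free (flags_key);
	return success;
}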

/*
 * set_secret_flags:
 * @setting: the NMSettingVPN to update
 * @secret_name: name of the secret whose flags are being set
 * @verify_secret: not used by this implementation
 * @flags: the flags to record
 * @error: not used; this implementation never fails
 *
 * NMSetting::set_secret_flags implementation.  Writes @flags as a base-10
 * number into the non-secret data table under "<secret_name>-flags",
 * replacing any earlier value.  @flags is stored as given;
 * get_secret_flags () is the side that rejects values above
 * NM_SETTING_SECRET_FLAGS_ALL.
 *
 * Returns: always TRUE.
 */
static gboolean
set_secret_flags (NMSetting *setting,
                  const char *secret_name,
                  gboolean verify_secret,
                  NMSettingSecretFlags flags,
                  GError **error)
{
	GHashTable *table = NM_SETTING_VPN_GET_PRIVATE (setting)->data;
	char *flags_key = g_strdup_printf ("%s-flags", secret_name);
	char *flags_text = g_strdup_printf ("%u", flags);

	/* The table takes ownership of both freshly allocated strings. */
	g_hash_table_insert (table, flags_key, flags_text);
	return TRUE;
}

/*
 * need_secrets:
 * @setting: the NMSettingVPN (not inspected)
 *
 * NMSetting::need_secrets implementation.  Always hands back a newly
 * allocated, empty array rather than NULL.
 *
 * Returns: a new empty GPtrArray.
 */
static GPtrArray *
need_secrets (NMSetting *setting)
{
	/* Assume that VPN connections need secrets since they almost always will */
	GPtrArray *needed = g_ptr_array_sized_new (1);

	return needed;
}

/*
 * compare_one_secret:
 * @a: setting whose secrets are walked
 * @b: setting the secrets of @a are checked against
 * @flags: comparison flags
 *
 * One-directional comparison: every secret of @a must have the same secret
 * flags in @b and, unless @flags says that kind of secret is to be ignored,
 * the same value in @b.  Secrets that exist only in @b are not noticed,
 * which is why compare_property () calls this once in each direction.
 *
 * Returns: TRUE when no difference was found, FALSE otherwise.
 */
static gboolean
compare_one_secret (NMSettingVPN *a,
                    NMSettingVPN *b,
                    NMSettingCompareFlags flags)
{
	GHashTable *a_secrets = NM_SETTING_VPN_GET_PRIVATE (a)->secrets;
	GHashTable *b_secrets = NM_SETTING_VPN_GET_PRIVATE (b)->secrets;
	GHashTableIter iter;
	const char *name, *a_value;

	g_hash_table_iter_init (&iter, a_secrets);
	while (g_hash_table_iter_next (&iter, (gpointer) &name, (gpointer) &a_value)) {
		/* A failed flags lookup leaves the default of FLAG_NONE in place. */
		NMSettingSecretFlags a_flags = NM_SETTING_SECRET_FLAG_NONE;
		NMSettingSecretFlags b_flags = NM_SETTING_SECRET_FLAG_NONE;
		gboolean skip_value;

		nm_setting_get_secret_flags (NM_SETTING (a), name, &a_flags, NULL);
		nm_setting_get_secret_flags (NM_SETTING (b), name, &b_flags, NULL);

		/* If the secret flags aren't the same, the settings aren't the same */
		if (a_flags != b_flags)
			return FALSE;

		skip_value =    (   (flags & NM_SETTING_COMPARE_FLAG_IGNORE_AGENT_OWNED_SECRETS)
		                 && (a_flags & NM_SETTING_SECRET_FLAG_AGENT_OWNED))
		             || (   (flags & NM_SETTING_COMPARE_FLAG_IGNORE_NOT_SAVED_SECRETS)
		                 && (a_flags & NM_SETTING_SECRET_FLAG_NOT_SAVED));
		if (skip_value)
			continue;

		/* Now compare the values themselves */
		if (g_strcmp0 (a_value, g_hash_table_lookup (b_secrets, name)) != 0)
			return FALSE;
	}

	return TRUE;
}

/*
 * compare_property:
 * @setting: first setting
 * @other: second setting
 * @prop_spec: the property being compared
 * @flags: comparison flags
 *
 * NMSetting::compare_property implementation.  Every property except
 * 'secrets' is delegated to the parent class.  For 'secrets' the tables are
 * compared in both directions so that an entry present on only one side is
 * detected.
 *
 * Returns: TRUE when the property is considered equal in both settings.
 */
static gboolean
compare_property (NMSetting *setting,
                  NMSetting *other,
                  const GParamSpec *prop_spec,
                  NMSettingCompareFlags flags)
{
	/* We only need to treat the 'secrets' property specially */
	if (g_strcmp0 (prop_spec->name, NM_SETTING_VPN_SECRETS) != 0)
		return NM_SETTING_CLASS (nm_setting_vpn_parent_class)->compare_property (setting, other, prop_spec, flags);

	/* Compare A to B to ensure everything in A is found in B */
	if (!compare_one_secret (NM_SETTING_VPN (setting), NM_SETTING_VPN (other), flags))
		return FALSE;

	/* And then B to A to ensure everything in B is also found in A */
	return compare_one_secret (NM_SETTING_VPN (other), NM_SETTING_VPN (setting), flags);
}

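/*
 * destroy_one_secret:
 * @data: a NUL-terminated secret string owned by the secrets table, or NULL
 *
 * Value destructor of the secrets hash table: overwrites the secret with
 * zero bytes and then frees it.  Only the bytes up to the terminating NUL
 * are cleared, since the size of the allocation is not known here.  A NULL
 * @data is ignored instead of being passed to strlen ().
 */
static void
destroy_one_secret (gpointer data)
{
	volatile char *wipe = data;
	size_t remaining;

	if (data == NULL)
		return;

	/* Don't leave the secret lying around in memory.  The stores go
	 * through a volatile pointer because a plain memset () right before
	 * the buffer is released is a dead store that an optimizer may drop
	 * when it can see the deallocation.
	 */
	remaining = strlen ((const char *) data);
	while (remaining--)
		*wipe++ = '\0';

	g_free (data);
}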

/*
 * nm_setting_vpn_init:
 * @setting: the instance being initialised
 *
 * Instance initialiser.  Sets the setting name and creates the two string
 * tables.  Both tables own their keys and values; the secrets table uses
 * destroy_one_secret () for its values so that a secret is zeroed before it
 * is freed, while the data table releases its values with plain g_free ().
 */
static void
nm_setting_vpn_init (NMSettingVPN *setting)
{
	NMSettingVPNPrivate *priv = NM_SETTING_VPN_GET_PRIVATE (setting);
	GHashTable *data_table;
	GHashTable *secret_table;

	g_object_set (setting, NM_SETTING_NAME, NM_SETTING_VPN_SETTING_NAME, NULL);

	data_table = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_free);
	secret_table = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, destroy_one_secret);

	priv->data = data_table;
	priv->secrets = secret_table;
}

/*
 * finalize:
 * @object: the NMSettingVPN being destroyed
 *
 * GObject::finalize implementation.  Releases the two strings and both hash
 * tables, then chains up to the parent class.  Destroying the secrets table
 * runs its value destructor on every remaining secret.
 */
static void
finalize (GObject *object)
{
	NMSettingVPNPrivate *priv = NM_SETTING_VPN_GET_PRIVATE (object);

	/* Tables first, then the plain strings; the order is not significant. */
	g_hash_table_destroy (priv->secrets);
	g_hash_table_destroy (priv->data);
	g_free (priv->user_name);
	g_free (priv->service_type);

	/* Chain up last, once our own state is gone. */
	G_OBJECT_CLASS (nm_setting_vpn_parent_class)->finalize (object);
}

/*
 * copy_hash:
 * @key: key of the entry being copied (a string)
 * @value: value of the entry being copied (a string)
 * @user_data: the destination GHashTable
 *
 * GHFunc used by set_property () to deep-copy one entry into the destination
 * table.  An entry whose value is NULL or empty is not copied.  @key is
 * duplicated without any check of its own.
 */
static void
copy_hash (gpointer key, gpointer value, gpointer user_data)
{
	GHashTable *dest = (GHashTable *) user_data;

	g_return_if_fail (value != NULL);
	g_return_if_fail (strlen (value));

	/* The destination owns its strings, so both are duplicated. */
	g_hash_table_insert (dest, g_strdup (key), g_strdup (value));
}

/*
 * set_property:
 * @object: the NMSettingVPN
 * @prop_id: one of the PROP_* ids
 * @value: the new value
 * @pspec: the property's GParamSpec
 *
 * GObject::set_property implementation.  String properties replace the
 * stored copy.  The two table properties keep the existing GHashTable and
 * replace its contents with a deep copy of the supplied table; a NULL table
 * just empties it.  Emptying the secrets table runs its value destructor on
 * each old secret.
 */
static void
set_property (GObject *object, guint prop_id,
		    const GValue *value, GParamSpec *pspec)
{
	NMSettingVPNPrivate *priv = NM_SETTING_VPN_GET_PRIVATE (object);
	GHashTable *target = NULL;
	GHashTable *source;

	switch (prop_id) {
	case PROP_SERVICE_TYPE:
		g_free (priv->service_type);
		priv->service_type = g_value_dup_string (value);
		return;
	case PROP_USER_NAME:
		g_free (priv->user_name);
		priv->user_name = g_value_dup_string (value);
		return;
	case PROP_DATA:
		target = priv->data;
		break;
	case PROP_SECRETS:
		target = priv->secrets;
		break;
	default:
		G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
		return;
	}

	/* Must make a deep copy of the hash table here... */
	g_hash_table_remove_all (target);
	source = g_value_get_boxed (value);
	if (source)
		g_hash_table_foreach (source, copy_hash, target);
}

/*
 * get_property:
 * @object: the NMSettingVPN
 * @prop_id: one of the PROP_* ids
 * @value: GValue to fill in
 * @pspec: the property's GParamSpec
 *
 * GObject::get_property implementation.
 *
 * NOTE(review): for PROP_SECRETS the secrets table is handed to
 * g_value_set_boxed (), which stores a copy made by the boxed type's copy
 * function.  Whether that copy is zeroed when the GValue is released is not
 * visible from this file; confirm before relying on it.
 */
static void
get_property (GObject *object, guint prop_id,
		    GValue *value, GParamSpec *pspec)
{
	NMSettingVPN *setting = NM_SETTING_VPN (object);
	NMSettingVPNPrivate *priv = NM_SETTING_VPN_GET_PRIVATE (setting);

	switch (prop_id) {
	case PROP_SERVICE_TYPE: {
		const char *service = nm_setting_vpn_get_service_type (setting);

		g_value_set_string (value, service);
		break;
	}
	case PROP_USER_NAME: {
		const char *user = nm_setting_vpn_get_user_name (setting);

		g_value_set_string (value, user);
		break;
	}
	case PROP_DATA:
		g_value_set_boxed (value, priv->data);
		break;
	case PROP_SECRETS:
		g_value_set_boxed (value, priv->secrets);
		break;
	default:
		G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
		break;
	}
}

/*
 * nm_setting_vpn_class_init:
 * @setting_class: the class structure being initialised
 *
 * Class initialiser.  Reserves the private instance data, installs the
 * GObject and NMSetting virtual methods implemented in this file and
 * registers the four properties.  All four are read/write and serialized;
 * only 'secrets' additionally carries NM_SETTING_PARAM_SECRET.
 */
static void
nm_setting_vpn_class_init (NMSettingVPNClass *setting_class)
{
	GObjectClass *gobject_class = G_OBJECT_CLASS (setting_class);
	NMSettingClass *nm_class = NM_SETTING_CLASS (setting_class);
	GParamSpec *pspec;

	g_type_class_add_private (setting_class, sizeof (NMSettingVPNPrivate));

	/* GObject virtual methods */
	gobject_class->finalize     = finalize;
	gobject_class->get_property = get_property;
	gobject_class->set_property = set_property;

	/* NMSetting virtual methods */
	nm_class->verify            = verify;
	nm_class->need_secrets      = need_secrets;
	nm_class->update_one_secret = update_one_secret;
	nm_class->get_secret_flags  = get_secret_flags;
	nm_class->set_secret_flags  = set_secret_flags;
	nm_class->compare_property  = compare_property;

	/* Properties */
	/**
	 * NMSettingVPN:service-type:
	 *
	 * D-Bus service name of the VPN plugin that this setting uses to connect
	 * to its network.  i.e. org.freedesktop.NetworkManager.vpnc for the vpnc
	 * plugin.
	 **/
	pspec = g_param_spec_string (NM_SETTING_VPN_SERVICE_TYPE,
	                             "Service type",
	                             "D-Bus service name of the VPN plugin that this "
	                             "setting uses to connect to its network.  i.e. "
	                             "org.freedesktop.NetworkManager.vpnc for the vpnc "
	                             "plugin.",
	                             NULL,
	                             G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE);
	g_object_class_install_property (gobject_class, PROP_SERVICE_TYPE, pspec);

	/**
	 * NMSettingVPN:user-name:
	 *
	 * User name of the currently logged in user for connections provided by the
	 * user settings service.  This name is provided to the VPN plugin to use in
	 * lieu of a custom username provided by that VPN plugin's specific
	 * configuration.  The VPN plugin itself decides which user name to use.
	 **/
	pspec = g_param_spec_string (NM_SETTING_VPN_USER_NAME,
	                             "User name",
	                             "User name of the currently logged in user for "
	                             "connections provided by the user settings service.  "
	                             "This name is provided to the VPN plugin to use in "
	                             "lieu of a custom username provided by that VPN "
	                             "plugins specific configuration.  The VPN plugin "
	                             "itself decides which user name to use.",
	                             NULL,
	                             G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE);
	g_object_class_install_property (gobject_class, PROP_USER_NAME, pspec);

	/**
	 * NMSettingVPN:data:
	 *
	 * Dictionary of key/value pairs of VPN plugin specific data.  Both keys
	 * and values must be strings.
	 **/
	pspec = _nm_param_spec_specialized (NM_SETTING_VPN_DATA,
	                                    "Data",
	                                    "Dictionary of key/value pairs of VPN plugin "
	                                    "specific data.  Both keys and values must be "
	                                    "strings.",
	                                    DBUS_TYPE_G_MAP_OF_STRING,
	                                    G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE);
	g_object_class_install_property (gobject_class, PROP_DATA, pspec);

	/**
	 * NMSettingVPN:secrets:
	 *
	 * Dictionary of key/value pairs of VPN plugin specific secrets like
	 * passwords or private keys.  Both keys and values must be strings.
	 **/
	pspec = _nm_param_spec_specialized (NM_SETTING_VPN_SECRETS,
	                                    "Secrets",
	                                    "Dictionary of key/value pairs of VPN plugin "
	                                    "specific secrets like passwords or private keys."
	                                    "  Both keys and values must be strings.",
	                                    DBUS_TYPE_G_MAP_OF_STRING,
	                                    G_PARAM_READWRITE | NM_SETTING_PARAM_SERIALIZE | NM_SETTING_PARAM_SECRET);
	g_object_class_install_property (gobject_class, PROP_SECRETS, pspec);
}