For your consideration.
Adds the option "Disable DTLS and ESP" to the UI. The default is unchecked, so DTLS is left enabled.
diff -ur NetworkManager-openconnect-1.2.6.orig/auth-dialog/main.c NetworkManager-openconnect-1.2.6/auth-dialog/main.c
--- NetworkManager-openconnect-1.2.6.orig/auth-dialog/main.c	2020-04-06 07:02:44.000000000 +0200
+++ NetworkManager-openconnect-1.2.6/auth-dialog/main.c	2021-01-14 12:55:03.641645629 +0100
@@ -814,11 +814,11 @@
 	gtk_box_pack_start(GTK_BOX(hbox), cancel_button, FALSE, FALSE, 0);
 	g_signal_connect(cancel_button, "clicked", G_CALLBACK(cert_dialog_cancel_clicked), dlg);
 	gtk_widget_show(cancel_button);
-
+
 	prevent_invalid_cert = g_hash_table_lookup(ui_data->options, NM_OPENCONNECT_KEY_PREVENT_INVALID_CERT);
 	invalid_cert_allowed = prevent_invalid_cert ? !strcmp(prevent_invalid_cert, "no") : TRUE;
-
+
 	if (invalid_cert_allowed) {
 		security_expander = gtk_expander_new(_("I really know what I am doing"));
 		gtk_box_pack_start(GTK_BOX(vbox), security_expander, FALSE, FALSE, 0);
@@ -1034,6 +1034,8 @@
 	char *token_mode;
 	char *token_secret;
 	char *protocol;
+	char *disable_dtls;
+	gboolean disable_dtls_allowed;
 	hostname = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_GATEWAY);
 	if (!hostname) {
@@ -1095,7 +1097,7 @@
 					   NM_OPENCONNECT_KEY_CSD_WRAPPER);
 		if (csd_wrapper && !csd_wrapper[0])
 			csd_wrapper = NULL;
-
+
 		openconnect_setup_csd(vpninfo, getuid(), 1, OC3DUP (csd_wrapper));
 	}
@@ -1122,6 +1124,9 @@
 	if (pem_passphrase_fsid && cert && !strcmp(pem_passphrase_fsid, "yes"))
 		openconnect_passphrase_from_fsid(vpninfo);
+	disable_dtls = g_hash_table_lookup(ui_data->options, NM_OPENCONNECT_KEY_DISABLE_DTLS);
+	disable_dtls_allowed = disable_dtls ? !strcmp(disable_dtls, "yes") : TRUE;
+
 	token_mode = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_TOKEN_MODE);
 	token_secret = g_hash_table_lookup (secrets, NM_OPENCONNECT_KEY_TOKEN_SECRET);
 	if (!token_secret || !token_secret[0])
diff -ur NetworkManager-openconnect-1.2.6.orig/properties/nm-openconnect-dialog.ui NetworkManager-openconnect-1.2.6/properties/nm-openconnect-dialog.ui
--- NetworkManager-openconnect-1.2.6.orig/properties/nm-openconnect-dialog.ui	2020-04-06 07:02:44.000000000 +0200
+++ NetworkManager-openconnect-1.2.6/properties/nm-openconnect-dialog.ui	2021-01-14 12:54:55.486616165 +0100
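Review bot: `disable_dtls_allowed` is assigned in this hunk but never read within it, and the fallback `: TRUE` when the key is absent yields the same value a `"yes"` entry does, so a connection with no `disable_dtls` item is classified the same as one that asked for DTLS off, contrary to the default the description states. If something later in the function does read it, the line should be `disable_dtls_allowed = disable_dtls ? !strcmp(disable_dtls, "yes") : FALSE;` to match the editor and service files; if nothing reads it, these two lines and the two declarations in the -1034 hunk can be dropped, since the service already maps the key to `--no-dtls`. The lookup also goes through `ui_data->options` while the neighbouring lookups in this hunk use `options`; whether both name the same table cannot be confirmed from here. The enclosing function starts and continues outside the hunk.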
@@ -712,6 +712,25 @@
             <property name="fill">False</property>
           </packing>
         </child>
+        <child>
+          <object class="GtkCheckButton" id="disable_dtls_button">
+            <property name="border_width">2</property>
+            <property name="visible">True</property>
+            <property name="can_focus">True</property>
+            <property name="label" translatable="yes">Disable DTLS and ESP</property>
+            <property name="use_underline">True</property>
+            <property name="relief">GTK_RELIEF_NORMAL</property>
+            <property name="focus_on_click">True</property>
+            <property name="active">False</property>
+            <property name="inconsistent">False</property>
+            <property name="draw_indicator">True</property>
+          </object>
+          <packing>
+            <property name="padding">0</property>
+            <property name="expand">False</property>
+            <property name="fill">False</property>
+          </packing>
+        </child>
       </object>
       <packing>
         <property name="padding">0</property>
diff -ur NetworkManager-openconnect-1.2.6.orig/properties/nm-openconnect-editor.c NetworkManager-openconnect-1.2.6/properties/nm-openconnect-editor.c
--- NetworkManager-openconnect-1.2.6.orig/properties/nm-openconnect-editor.c	2020-04-06 07:02:44.000000000 +0200
+++ NetworkManager-openconnect-1.2.6/properties/nm-openconnect-editor.c	2021-01-14 12:54:55.486616165 +0100
@@ -353,6 +353,17 @@
 	}
 	g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self);
+	widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "disable_dtls_button"));
+	if (!widget)
+		return FALSE;
+	if (s_vpn) {
+		value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_DISABLE_DTLS);
+		if (value && !strcmp(value, "yes"))
+			gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON (widget), TRUE);
+	}
+	g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self);
+
+
 	widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "csd_button"));
 	if (!widget)
 		return FALSE;
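Review bot: The -353 hunk in nm-openconnect-editor.c adds two consecutive blank lines after the new `g_signal_connect` call, where the surrounding blocks are separated by a single one; drop one of the two `+` blank lines so the new block matches the spacing of the `prevent_invalid_cert` and `csd_button` blocks around it. The rest of the block follows the existing pattern (NULL check on the widget, read the item only when `s_vpn` is set, hook `stuff_changed_cb`), so nothing else to raise here. The enclosing function starts and continues outside the hunk.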
@@ -457,6 +468,10 @@
 	str = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON (widget))?"yes":"no";
 	nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_PREVENT_INVALID_CERT, str);
+	widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "disable_dtls_button"));
+	str = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON (widget))?"yes":"no";
+	nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_DISABLE_DTLS, str);
+
 	widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "csd_button"));
 	str = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON (widget))?"yes":"no";
 	nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_CSD_ENABLE, str);
diff -ur NetworkManager-openconnect-1.2.6.orig/properties/nm-openconnect-editor-plugin.c NetworkManager-openconnect-1.2.6/properties/nm-openconnect-editor-plugin.c
--- NetworkManager-openconnect-1.2.6.orig/properties/nm-openconnect-editor-plugin.c	2020-04-06 07:02:44.000000000 +0200
+++ NetworkManager-openconnect-1.2.6/properties/nm-openconnect-editor-plugin.c	2021-01-14 12:54:55.487616169 +0100
@@ -264,6 +264,11 @@
 	if (true)
 		nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_PREVENT_INVALID_CERT, "yes");
+	/* No dtls post */
+	bval = g_key_file_get_boolean (keyfile, "openconnect", "DisableDTLS", NULL);
+	if (true)
+		nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_DISABLE_DTLS, "yes");
+
 	/* Soft token mode */
 	buf = g_key_file_get_string (keyfile, "openconnect", "StokenSource", NULL);
 	if (buf)
@@ -297,6 +302,7 @@
 	const char *privkey = NULL;
 	gboolean pem_passphrase_fsid = FALSE;
 	gboolean prevent_invalid_cert = FALSE;
+	gboolean disable_dtls = FALSE;
 	const char *token_mode = NULL;
 	const char *token_secret = NULL;
 	gboolean success = FALSE;
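Review bot: The import branch in the -264 hunk of nm-openconnect-editor-plugin.c reads `bval` from the `DisableDTLS` key and then ignores it: `if (true)` stores `"yes"` for every imported file, so DTLS gets disabled on import regardless of what the file says and `bval` is a dead store. The condition should be `if (bval)`. The preceding `PreventInvalidCert` block visible in context carries the same `if (true)`, so this looks copied from there; that pre-existing line is outside this change. The comment `/* No dtls post */` here, and `/* NO DTLS Post */` in the -407 hunk, do not describe the field — `/* Disable DTLS */` matches the exported key name and the other labels in that format call. The enclosing function starts and continues outside the hunk.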
@@ -366,6 +372,10 @@
 	if (value && !strcmp (value, "yes"))
 		prevent_invalid_cert = TRUE;
+	value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_DISABLE_DTLS);
+	if (value && !strcmp (value, "yes"))
+		disable_dtls = TRUE;
+
 	value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_TOKEN_MODE);
 	if (value && strlen (value))
 		token_mode = value;
@@ -393,6 +403,7 @@
 	         "PrivateKey=%s\n"
 	         "FSID=%s\n"
 	         "PreventInvalidCert=%s\n"
+	         "DisableDTLS=%s\n"
 	         "StokenSource=%s\n"
 	         "StokenString=%s\n",
 	         /* Description */ nm_setting_connection_get_id (s_con),
@@ -407,6 +418,7 @@
 	         /* Private Key */ privkey ? privkey : "",
 	         /* FSID */ pem_passphrase_fsid ? "1" : "0",
 	         /* Prevent invalid cert */ prevent_invalid_cert ? "1" : "0",
+	         /* NO DTLS Post */ disable_dtls ? "1" : "0",
 	         /* Soft token mode */ token_mode ? token_mode : "",
 	         /* Soft token secret */ token_secret ? token_secret : "");
diff -ur NetworkManager-openconnect-1.2.6.orig/shared/nm-service-defines.h NetworkManager-openconnect-1.2.6/shared/nm-service-defines.h
--- NetworkManager-openconnect-1.2.6.orig/shared/nm-service-defines.h	2020-04-06 07:02:44.000000000 +0200
+++ NetworkManager-openconnect-1.2.6/shared/nm-service-defines.h	2021-01-14 12:54:55.487616169 +0100
@@ -42,6 +42,7 @@
 #define NM_OPENCONNECT_KEY_MTU "mtu"
 #define NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID "pem_passphrase_fsid"
 #define NM_OPENCONNECT_KEY_PREVENT_INVALID_CERT "prevent_invalid_cert"
+#define NM_OPENCONNECT_KEY_DISABLE_DTLS "disable_dtls"
 #define NM_OPENCONNECT_KEY_PROTOCOL "protocol"
 #define NM_OPENCONNECT_KEY_PROXY "proxy"
 #define NM_OPENCONNECT_KEY_CSD_ENABLE "enable_csd_trojan"
diff -ur NetworkManager-openconnect-1.2.6.orig/src/nm-openconnect-service.c NetworkManager-openconnect-1.2.6/src/nm-openconnect-service.c
--- NetworkManager-openconnect-1.2.6.orig/src/nm-openconnect-service.c	2020-04-06 07:02:44.000000000 +0200
+++ NetworkManager-openconnect-1.2.6/src/nm-openconnect-service.c	2021-01-14 12:54:55.487616169 +0100
@@ -88,6 +88,7 @@
 	{ NM_OPENCONNECT_KEY_MTU, G_TYPE_STRING, 0, 0 },
 	{ NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID, G_TYPE_BOOLEAN, 0, 0 },
 	{ NM_OPENCONNECT_KEY_PREVENT_INVALID_CERT, G_TYPE_BOOLEAN, 0, 0 },
+	{ NM_OPENCONNECT_KEY_DISABLE_DTLS, G_TYPE_BOOLEAN, 0, 0 },
 	{ NM_OPENCONNECT_KEY_PROTOCOL, G_TYPE_STRING, 0, 0 },
 	{ NM_OPENCONNECT_KEY_PROXY, G_TYPE_STRING, 0, 0 },
 	{ NM_OPENCONNECT_KEY_CSD_ENABLE, G_TYPE_BOOLEAN, 0, 0 },
@@ -396,6 +397,7 @@
 	char csd_user_arg[60];
 	const char *props_vpn_gw, *props_cookie, *props_cacert, *props_mtu, *props_gwcert, *props_proxy;
 	const char *props_csd_enable, *props_csd_wrapper;
+	const char *props_disable_dtls_disable;
 	const char *protocol;
 	/* Find openconnect */
@@ -487,6 +489,11 @@
 		g_ptr_array_add (openconnect_argv, (gpointer) priv->tun_name);
 	}
+	props_disable_dtls_disable = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_DISABLE_DTLS);
+	if (props_disable_dtls_disable && !strcmp (props_disable_dtls_disable, "yes")) {
+		g_ptr_array_add (openconnect_argv, (gpointer) "--no-dtls");
+	}
+
 	props_csd_enable = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_CSD_ENABLE);
 	props_csd_wrapper = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_CSD_WRAPPER);
 	if (props_csd_enable && !strcmp (props_csd_enable, "yes") && props_csd_wrapper) {
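Review bot: `props_disable_dtls_disable` in the -396 and -487 hunks repeats "disable" and breaks the `props_<key>` form used by the neighbouring `props_csd_enable` and `props_csd_wrapper`; `const char *props_disable_dtls;` and the two matching uses in the -487 hunk read as the rest of the function does. The argv addition itself is sound as far as the hunk shows: only a fixed `"--no-dtls"` literal is pushed, never connection data, and the -88 hunk registers the key as `G_TYPE_BOOLEAN`, which presumably restricts the stored value to yes/no before it reaches the `"yes"` comparison here — confirm that the table is what validates incoming items. The enclosing function starts and continues outside the hunk.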