Diffstat (limited to 'src/importprofiledialog.cpp')
-rw-r--r-- | src/importprofiledialog.cpp | 601 |
1 files changed, 601 insertions, 0 deletions
diff --git a/src/importprofiledialog.cpp b/src/importprofiledialog.cpp
new file mode 100644
index 0000000..80ec8a0
--- /dev/null
+++ b/src/importprofiledialog.cpp
@@ -0,0 +1,601 @@ +/*************************************************************************** +* Copyright (C) 2004 by Christoph Thielecke * +* crissi99@gmx.de * +* * +* This program is free software; you can redistribute it and/or modify * +* it under the terms of the GNU General Public License as published by * +* the Free Software Foundation; either version 2 of the License, or * +* (at your option) any later version. * +* * +* This program is distributed in the hope that it will be useful, * +* but WITHOUT ANY WARRANTY; without even the implied warranty of * +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * +* GNU General Public License for more details. * +* * +* You should have received a copy of the GNU General Public License * +* along with this program; if not, write to the * +* Free Software Foundation, Inc., * +* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * +***************************************************************************/ +//BEGIN INCLUDES +#include <kmessagebox.h> +#include <kio/netaccess.h> +#include <ktempfile.h> +#include <klocale.h> +#include <kconfig.h> +#include <kdialogbase.h> +#include <kurlrequester.h> +#include <kcombobox.h> +#include <qstringlist.h> +#include <qfile.h> +#include <qurl.h> +#include <kurl.h> +#include <qtextstream.h> +#include <qcheckbox.h> +#include <qfileinfo.h> +#include <string> + +#include <iostream> + +#include "importprofiledialog.h" +#include "importcertificatedialog.h" +#include "utils.h" +#include "ciscopasswddecoder.h" +//END INCLUDES + +ImportProfileDialog::ImportProfileDialog(KVpncConfig *GlobalConfig, QWidget *parent, const QString& caption, QString file) + : KDialogBase( parent, "Import_Cisco_PCF_profile", true, caption, + KDialogBase::Ok|KDialogBase::Cancel, KDialogBase::Ok, true ) +{ + decodeEncPasswd = false; + if (!file.isEmpty()) + filename = file; + else + filename = ""; + importOk = false; + this->GlobalConfig= GlobalConfig; + + main = new 
ImportProfileDialogBase(this); + setMainWidget(main); + main->setMinimumSize(main->sizeHint()); + + main->FilenameUrlrequester->setFilter( "*.pcf" ); + main->FilenameUrlrequester->setURL(filename); + +} + + +ImportProfileDialog::~ImportProfileDialog() +{ + delete main; +} + +void ImportProfileDialog::accept() +{ + + //filename="/etc/CiscoSystemsVPNClient/Profiles/hs_harz.pcf"; + filename = main->FilenameUrlrequester->url(); + if ( !filename.isEmpty() ) + { + f = new QFile(filename); + canAccept(); + } + + else + { + KMessageBox::sorry( 0, i18n( "File name can not be empty!" ), i18n( "Empty File Name" ) ); + } +} + + +void ImportProfileDialog::canAccept() +{ + + if ( !f->exists() ) + { + KMessageBox::information( 0, i18n( "File not found." ), i18n( "No File" ) ); + + // emit progress( 100 ); + return ; + } + + KConfig config( filename, true, false ); + + QStringList grouplist = config.groupList(); + + if (GlobalConfig->KvpncDebugLevel > 0) + { + QString groups=""; + for ( QStringList::Iterator group = grouplist.begin(); group != grouplist.end(); ++group ) + groups += QString(" "+*group); + GlobalConfig->appendLogEntry(i18n("PCF import: groups found: [ %1 ]").arg(groups), GlobalConfig->debug); + } + + config.setGroup( "main" ); + + // sample config + + /* + [main] + Description= + Host = 192.168.13.1 + AuthType=1 + GroupName = hs_harz + GroupPwd = + Username = u15119 + SaveUserPassword = 0 + UserPassword = + NTDomain = + EnableBackup = 0 + BackupServer = + EnableMSLogon = 1 + TunnelingMode = 0 + TcpTunnelingPort = 10000 + CertStore = 0 + CertName = + CertPath = + CertSubjectName = + CertSerialHash = 00000000000000000000000000000000 + SendCertChain = 0 + VerifyCertDN = + DHGroup = 2 + ForceKeepAlives = 0 + PeerTimeout = 90 + EnableLocalLAN = 1 // only reading because we dont want to do this + EnableSplitDNS = 1 + EnableNAT = 1 + */ + + + VpnAccountData::ConnectionType ConnType = VpnAccountData::cisco; + QString ProfileName = QFileInfo ( 
f->name().stripWhiteSpace().remove(".pcf").remove(".PCF") ).fileName(); + acc = new VpnAccountData ( ConnType, Utils(this->GlobalConfig).removeSpecialCharsForFilename( ProfileName )); + + QString Description = config.readEntry( "Description", "" ); + + if (Description.isEmpty()) + Description = config.readEntry("!Description",i18n("Profile imported from file %1.").arg(filename)); + + if (!Description.isEmpty()) + { + if (GlobalConfig->KvpncDebugLevel > 0) + GlobalConfig->appendLogEntry(i18n("PCF import: description found: %1").arg(Description), GlobalConfig->debug); + acc->setDescription( Description ); + } + + + QString Gateway = config.readEntry( "Host", "" ); + + if (Gateway.isEmpty()) + Gateway = config.readEntry( "!Host", "" ); + + if (!Gateway.isEmpty()) + { + if (GlobalConfig->KvpncDebugLevel > 0) + GlobalConfig->appendLogEntry(i18n("PCF import: gateway found: %1").arg(Gateway), GlobalConfig->debug); + acc->setGateway( Gateway ); + } + + bool useApplicationVersion = false; + acc->setUseApplicationVersion( useApplicationVersion ); + + bool enableBackup = config.readBoolEntry( "EnableBackup" , FALSE ); + QString BackupServer = config.readEntry( "BackupServer", "" ); + + QString GroupName = config.readEntry( "GroupName" , "" ); + + if (GroupName.isEmpty()) + GroupName = config.readEntry( "!GroupName", "" ); + + if (GroupName.isEmpty()) + GroupName = "importedProfile"; + + if (!GroupName.isEmpty()) + { + if (GlobalConfig->KvpncDebugLevel > 0) + GlobalConfig->appendLogEntry(i18n("PCF import: group name found: %1").arg(GroupName), GlobalConfig->debug); + acc->setID( GroupName ); + } + + QString NtDomain = config.readEntry( "NTDomain" ); + if (NtDomain.isEmpty()) + NtDomain = config.readEntry( "!NTDomain", "" ); + + if (!NtDomain.isEmpty()) + { + if (GlobalConfig->KvpncDebugLevel > 0) + GlobalConfig->appendLogEntry(i18n("PCF import: NT domain found: %1").arg(NtDomain), GlobalConfig->debug); + acc->setNtDomainName( NtDomain ); + } + + bool enableMSLogon = 
config.readBoolEntry( "EnableMSLogon", FALSE ); + bool useNtDomainName = false; + + if ( enableMSLogon && !NtDomain.isEmpty() ) + useNtDomainName = true; + + QString CertName = config.readEntry( "CertName", "" ); + + if (GlobalConfig->KvpncDebugLevel > 0) + GlobalConfig->appendLogEntry(i18n("PCF import: certificate name found: %1").arg(CertName), GlobalConfig->debug); + + QString CertPath = config.readEntry( "CertPath", "" ); + QString CertSubjectName = config.readEntry( "CertSubjectName", "" ); + QString CertSerialHash = config.readEntry( "CertSerialHash", "" ); + // bool SendCertChain = config.readBoolEntry( "SendCertChain" , "" ); + // bool VerifyCertDN = config.readBoolEntry( "VerifyCertDN", FALSE ); + + /* + 0 = default, none + 1 = Cisco + */ + bool useCertStore=false; + int CertStore = config.readNumEntry( "CertStore", -1 ); + if (CertStore == 1) + useCertStore = true; + if (GlobalConfig->KvpncDebugLevel > 0) + GlobalConfig->appendLogEntry(i18n("PCF import: certificate should be stored into cisco cert store: %1").arg(QString().setNum(int(useCertStore))), GlobalConfig->debug); + + if (useCertStore) + { + // we have to import into the store + if (!CertName.isEmpty()) + { + bool CertPathFound = false; + QString CertFullPath = CertName; + if (!QFile(CertFullPath).exists()) + { + CertFullPath = CertPath+"/"+CertName; + if (!QFile(CertFullPath).exists()) + { + GlobalConfig->appendLogEntry(i18n("Cisco certificate import: cert not found, skipping."), GlobalConfig->error); + } + else + { + if (GlobalConfig->KvpncDebugLevel > 0) + GlobalConfig->appendLogEntry(i18n("Cisco certificate import: cert found at current path."), GlobalConfig->debug); + CertPathFound = true; + } + } + else + { + if (GlobalConfig->KvpncDebugLevel > 0) + GlobalConfig->appendLogEntry(i18n("Cisco certificate import: cert found at cert path."), GlobalConfig->debug); + CertPathFound = true; + + } + if (CertPathFound) + { + QStringList OldCiscoCerts = Utils(GlobalConfig).getCertsFromCiscoCertStore(); 
+ ImportCertificateDialog dlg( this, i18n( "Import certificate..." ).ascii(), GlobalConfig ); + dlg.main->FilenameUrlrequester->setURL(CertFullPath); + dlg.main->ImporttypeComboBox->setCurrentItem(dlg.ciscouserca); // import user and ca cert + int result = dlg.exec(); + if (result == QDialog::Accepted) + { + acc->setUseCiscoCertStore(true); + QStringList CiscoCerts = Utils(GlobalConfig).getCertsFromCiscoCertStore(); + for ( QStringList::Iterator ciscoit = CiscoCerts.begin(); ciscoit != CiscoCerts.end(); ++ciscoit ) + { + if (OldCiscoCerts.findIndex(QString(*ciscoit)) < 1 ) + { + // if it was not in list, then its the new added one. + acc->setX509Certificate(*ciscoit); + break; + } + } + } + } + } + } + { + acc->setX509Certificate(CertName); + acc->setCertPath(CertPath); + } + + + int TcpTunnelingPort = config.readNumEntry( "TcpTunnelingPort", 10000 ); //std::cout << "tunneling port: " << TunnelingPort << std::endl; + /* + 0, the default, specifies IPSec over UDP for NAT transparency + 1 specifies IPSec over TCP for NAT transparency + */ + bool useUdp = config.readBoolEntry( "TunnelingMode", 0 ); + acc->setUseUdp( useUdp ); + + int LocalPort=10000; + bool useLocalPort = false; + if (TcpTunnelingPort != 10000) + useLocalPort = true; + + if (useLocalPort && useUdp == false) + { + acc->setLocalPort(LocalPort); + acc->setUseLocalPort(true); + } + + + // bool ForceKeepAlives = config.readBoolEntry( "ForceKeepAlives", FALSE ); + + // bool EnableLocalLAN = config.readBoolEntry( "EnableLocalLAN", FALSE ); // nur auslesen aber immer aus :) + // bool EnableSplitDNS = config.readBoolEntry( "EnableSplitDNS", FALSE ); + + + if (useUdp == false) + { + // vpnc does not support TCP :( + acc->setConnectionType(VpnAccountData::cisco); + } + if (useUdp) + { + if (GlobalConfig->KvpncDebugLevel > 0) + GlobalConfig->appendLogEntry(i18n("PCF import: using %1 for tunneling").arg("UDP"), GlobalConfig->debug); + acc->setUseUdp( true); + } + else + { + if (GlobalConfig->KvpncDebugLevel > 0) + 
GlobalConfig->appendLogEntry(i18n("PCF import: using %1 for tunneling").arg("TCP"), GlobalConfig->debug); + acc->setUseUdp( false); + } + /* + 0, the default, disables IPSec through NAT mode + 1 enables IPSec through NAT mode + */ + bool enableNAT = config.readNumEntry("EnableNat", false); + if (enableNAT) + { + if (GlobalConfig->KvpncDebugLevel > 0) + GlobalConfig->appendLogEntry(i18n("PCF import: enable NAT mode: %1").arg(i18n("yes")), GlobalConfig->debug); + acc->setUseNat(true); + } + else + { + if (GlobalConfig->KvpncDebugLevel > 0) + GlobalConfig->appendLogEntry(i18n("PCF import: enable NAT mode: %1").arg(i18n("no")), GlobalConfig->debug); + acc->setUseNat(false); + } + + bool useUdpPort= true; + + +// if ( TunnelingPort != 10000 ) +// { +// useUdp=true; //FIXME: is this right? I guess its only on udp +// useUdpPort = true; +// } + + QString PerfectForwardSecrecy = ""; //QString("dh"+QString().setNum(DHGroup)); + // bool usePerfectForwardSecrety = false; + bool usePerfectSecrecy = false; + acc->setPerfectForwardSecrety( PerfectForwardSecrecy ); + acc->setUsePerfectForwardSecrety( usePerfectSecrecy ); + bool useIkeGroup = false; + QString IkeGroup; + int DHGroup = config.readNumEntry( "DHGroup", -1 ); + if (DHGroup != -1 ) + { + if (GlobalConfig->KvpncDebugLevel > 0) + GlobalConfig->appendLogEntry(i18n("PCF import: Diffie Hellman group found: %1").arg(QString().setNum(DHGroup)), GlobalConfig->debug); + IkeGroup = "dh" + QString().setNum( DHGroup ) ; + useIkeGroup = true; + acc->setIkeGroup( IkeGroup ); + } + + int PeerTimeout = config.readNumEntry( "PeerTimeout", -1 ); + if (PeerTimeout > -1 ) + { + if (GlobalConfig->KvpncDebugLevel > 0) + GlobalConfig->appendLogEntry(i18n("PCF import: peer timeout found: %1").arg(QString().setNum(PeerTimeout)), GlobalConfig->debug); + // read minutes but store seconds + acc->setPeerTimeout( PeerTimeout*60 ); + } + + QString Username = config.readEntry( "Username" , "" ); + if (!Username.isEmpty()) + { + if 
(GlobalConfig->KvpncDebugLevel > 0) + GlobalConfig->appendLogEntry(i18n("PCF import: user name found: %1").arg(Username), GlobalConfig->debug); + acc->setUserName( Username ); + } + + QString UserPassword = config.readEntry( "UserPassword", "" ); + if (UserPassword.isEmpty()) + UserPassword = config.readEntry( "!UserPassword", "" ); + + if (!UserPassword.isEmpty()) + { + if (GlobalConfig->KvpncDebugLevel > 0) + GlobalConfig->appendLogEntry(i18n("PCF import: clear text user password found: %1").arg(UserPassword), GlobalConfig->debug); + acc->setUserPassword( UserPassword ); + } + + QString enc_UserPassword = config.readEntry( "enc_UserPassword", "" ); + if (enc_UserPassword.isEmpty()) + enc_UserPassword = config.readEntry( "!enc_UserPassword", "" ); + + if (!enc_UserPassword.isEmpty()) + { + if (GlobalConfig->KvpncDebugLevel > 0) + GlobalConfig->appendLogEntry(i18n("PCF import: encrypted user password found: %1").arg(enc_UserPassword), GlobalConfig->debug); + } + + CiscoPasswdDecoder dec (filename); + QString userpasswd=""; + QString grouppasswd=""; + dec.decodePasswords(userpasswd,grouppasswd); + + // std::cout << "decoded userpasswd: " << userpasswd << std::endl; + // std::cout << "decoded grouppasswd: " << grouppasswd << std::endl; + + bool saveUserPassword = config.readBoolEntry( "SaveUserPassword", FALSE ); + + if (saveUserPassword == false) + config.readBoolEntry( "!SaveUserPassword", FALSE ); + + if ( UserPassword.isEmpty() && userpasswd.isEmpty() ) + saveUserPassword = false; + + if (!userpasswd.isEmpty()) + { + if (GlobalConfig->KvpncDebugLevel > 3) + GlobalConfig->appendLogEntry(i18n("PCF import: decrypted user password found: %1").arg(userpasswd), GlobalConfig->debug); + acc->setUserPassword( userpasswd ); + } + + if (GlobalConfig->KvpncDebugLevel > 0) + if (saveUserPassword) + GlobalConfig->appendLogEntry(i18n("PCF import: save user pass : %1").arg(i18n("yes")), GlobalConfig->debug); + else + GlobalConfig->appendLogEntry(i18n("PCF import: save user pass 
: %1").arg(i18n("no")), GlobalConfig->debug); + acc->setSaveUserPassword( saveUserPassword ); + + bool saveGroupPwd = true; + QString GroupPwd = config.readEntry( "GroupPwd" , "" ); + if (GroupPwd.isEmpty()) + GroupPwd = config.readEntry( "!GroupPwd", "" ); + + if (!GroupPwd.isEmpty()) + { + if (GlobalConfig->KvpncDebugLevel > 3) + GlobalConfig->appendLogEntry(i18n("PCF import: clear text group password found: %1").arg(GroupPwd), GlobalConfig->debug); + acc->setPreSharedKey( GroupPwd ); + } + + QString enc_GroupPwd = config.readEntry( "enc_GroupPwd", "" ); + + if (enc_GroupPwd.isEmpty()) + enc_GroupPwd = config.readEntry( "!enc_GroupPwd", "" ); + + if (!grouppasswd.isEmpty()) + { + if (GlobalConfig->KvpncDebugLevel > 3) + GlobalConfig->appendLogEntry(i18n("PCF import: decrypted group password found: %1").arg(grouppasswd), GlobalConfig->debug); + acc->setPreSharedKey( grouppasswd ); + } + + if ( GroupPwd.isEmpty() && grouppasswd.isEmpty()) + saveGroupPwd = false; + acc->setSavePsk( saveGroupPwd ); + + if ( Description.isEmpty() ) + { + Description = ( QUrl( filename ).fileName() ); + Description = Utils(this->GlobalConfig).removeSpecialCharsForFilename( Description.left( filename.section('/',-1).length() - 4 )); + } + + if ( GroupName.isEmpty() ) + { + GroupName = Utils(this->GlobalConfig).removeSpecialCharsForFilename( GroupName.left( filename.section('/',-1).length() - 4 )); + } + + /* + AuthType= + The authentication type of the user: + 1 = Pre-shared keys (default) + 3 = Digital Certificate using an RSA signature. 
+ 5 = Mutual authentication (hybrid) + */ + int AuthType = config.readNumEntry( "AuthType" , -1 ); + + if (AuthType==-1) + AuthType = config.readNumEntry( "!AuthType", -1 ); + + if (GlobalConfig->KvpncDebugLevel > 0) + if (AuthType ==1) + GlobalConfig->appendLogEntry(i18n("PCF import: authentication type found: %1").arg(i18n("PSK")), GlobalConfig->debug); + else if (AuthType ==3) + GlobalConfig->appendLogEntry(i18n("PCF import: authentication type found: %1").arg(i18n("certificate")), GlobalConfig->debug); + else if (AuthType ==5) + GlobalConfig->appendLogEntry(i18n("PCF import: authentication type found: %1").arg(i18n("hybrid")), GlobalConfig->debug); + else + GlobalConfig->appendLogEntry(i18n("PCF import: no authentication type found, assuming %1").arg(i18n("PSK")), GlobalConfig->debug); + + if (AuthType == 3 || AuthType == 5) + { + // vpnc has no cert support :( + acc->setConnectionType (VpnAccountData::ciscoorig); + acc->setAuthType( VpnAccountData::cert); + + if (!CertName.isEmpty()) + acc->setX509Certificate(CertName); + } + else if (AuthType == 1 ) + acc->setAuthType( VpnAccountData::psk); + else + acc->setAuthType( VpnAccountData::psk); + + bool useGlobalIpsecSecret = false; + acc->setUseGlobalIpsecSecret( useGlobalIpsecSecret ); + + bool useSingleDes = false; + acc->setUseSingleDes( useSingleDes ); + + //acc->setUseAdvancedSettings( useAdvancedSettings ); + acc->setUseAdvancedSettings( true ); + + /* + std::cout << Description + std::cout << Gateway + std::cout << AuthType + std::cout << GroupName + std::cout << GroupPwd + std::cout << enc_GroupPwd + std::cout << Username + std::cout << saveUserPassword + std::cout << UserPassword + std::cout << NtDomain + std::cout << bool enableBackup + std::cout << BackupServer + std::cout << bool enableMSLogon + std::cout << TunnelingMode + std::cout << TunnelingPort + std::cout << CertStore + std::cout << CertName + std::cout << CertPath + std::cout << CertSubjectName + std::cout << CertSerialHash + std::cout << 
SendCertChain + std::cout << VerifyCertDN + std::cout << DHGroup + std::cout << ForceKeepAlives + std::cout << PeerTimeout + std::cout << EnableLocalLAN + std::cout << EnableSplitDNS + std::cout << saveGroupPwd + std::cout << usePerfectSecrecy + std::cout << useSingleDes + std::cout << useLocalPort + std::cout << useNtDomainName + std::cout << useLocalPort + std::cout << IkeGroup + std::cout << PerfectForwardSecrecy + std::cout << useAdvancedSettings + */ + /* + acc.setName( Description ); + acc.setGateway( Gateway ); + acc.setID( GroupName ); + acc.setGroupPassword( GroupPwd ); + acc.setUserName( Username ); + acc.setUserPassword( UserPassword ); + acc.setSaveUserPassword( saveUserPassword ); + acc.setSaveGroupPassword( true ); + //acc.setIkeGroup( QString IkeGroup ); + acc.setPerfectForwardSecrety( QString PerfectForwardSecrecy ); + acc.setNtDomainName( QString Name ); + acc.setApplicationVersion( QString version ); + acc.setUseSingleDes( bool useSingleDes ); + acc.setLocalPort( int port ); + acc.setUseIkeGroup( bool useIkeGroup); + acc.setUsePerfectForwardSecrety(bool usePerfectForwardSecrety); + acc.setUseNtDomainName(bool useNtDomainName); + acc.setUseApplicationVersion(bool useApplicationVersion); + acc.setUseLocalPort(bool useLocalPort); + acc.setUseAdvancedSettings(bool useAdvancedSettings); + acc.setUseGlobalIpsecSecret(bool useGlobalIpsecSecret); + */ + importOk = true; + //std::cout << "accept" << std::endl; + QDialog::accept(); +} + |
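Review bot: The import writes credentials into the application log: in `canAccept()` the clear-text `UserPassword` and the `enc_UserPassword` value are passed to `appendLogEntry` whenever `KvpncDebugLevel > 0`, and `GroupPwd` plus the decoded user and group passwords at level > 3. Because this same function recovers the passwords from the file with `CiscoPasswdDecoder`, logging `enc_UserPassword` is effectively the same as logging the password. I would record only that a value was present, e.g. `GlobalConfig->appendLogEntry(i18n("PCF import: user password found"), GlobalConfig->debug);`, and treat the group password entries the same way. Separately, `OldCiscoCerts.findIndex(QString(*ciscoit)) < 1` also matches index 0 (Qt's `findIndex` returns -1 when the item is absent), so a certificate that was already first in the store can be taken for the newly imported one and bound to the profile; the comparison should be `< 0`.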