/***************************************************************************
* Copyright (C) 2004 by Christoph Thielecke *
* crissi99@gmx.de *
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; either version 2 of the License, or *
* (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the *
* Free Software Foundation, Inc., *
* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
***************************************************************************/
//BEGIN INCLUDES
#include <tdemessagebox.h>
#include <tdeio/netaccess.h>
#include <tdetempfile.h>
#include <tdelocale.h>
#include <tdeconfig.h>
#include <kdialogbase.h>
#include <kurlrequester.h>
#include <kcombobox.h>
#include <tqstringlist.h>
#include <tqfile.h>
#include <tqurl.h>
#include <kurl.h>
#include <tqtextstream.h>
#include <tqcheckbox.h>
#include <tqfileinfo.h>
#include <string>
#include <iostream>
#include "importprofiledialog.h"
#include "importcertificatedialog.h"
#include "utils.h"
#include "ciscopasswddecoder.h"
//END INCLUDES
ImportProfileDialog::ImportProfileDialog(KVpncConfig *GlobalConfig, TQWidget *parent, const TQString& caption, TQString file)
: KDialogBase( parent, "Import_Cisco_PCF_profile", true, caption,
KDialogBase::Ok|KDialogBase::Cancel, KDialogBase::Ok, true )
{
decodeEncPasswd = false;
if (!file.isEmpty())
filename = file;
else
filename = "";
importOk = false;
this->GlobalConfig= GlobalConfig;
main = new ImportProfileDialogBase(this);
setMainWidget(main);
main->setMinimumSize(main->sizeHint());
main->FilenameUrlrequester->setFilter( "*.pcf" );
main->FilenameUrlrequester->setURL(filename);
}
ImportProfileDialog::~ImportProfileDialog()
{
delete main;
}
void ImportProfileDialog::accept()
{
//filename="/etc/CiscoSystemsVPNClient/Profiles/hs_harz.pcf";
filename = main->FilenameUrlrequester->url();
if ( !filename.isEmpty() )
{
f = new TQFile(filename);
canAccept();
}
else
{
KMessageBox::sorry( 0, i18n( "File name can not be empty!" ), i18n( "Empty File Name" ) );
}
}
void ImportProfileDialog::canAccept()
{
if ( !f->exists() )
{
KMessageBox::information( 0, i18n( "File not found." ), i18n( "No File" ) );
// emit progress( 100 );
return ;
}
TDEConfig config( filename, true, false );
TQStringList grouplist = config.groupList();
if (GlobalConfig->KvpncDebugLevel > 0)
{
TQString groups="";
for ( TQStringList::Iterator group = grouplist.begin(); group != grouplist.end(); ++group )
groups += TQString(" "+*group);
GlobalConfig->appendLogEntry(i18n("PCF import: groups found: [ %1 ]").arg(groups), GlobalConfig->debug);
}
config.setGroup( "main" );
// sample config
/*
[main]
Description=
Host = 192.168.13.1
AuthType=1
GroupName = hs_harz
GroupPwd =
Username = u15119
SaveUserPassword = 0
UserPassword =
NTDomain =
EnableBackup = 0
BackupServer =
EnableMSLogon = 1
TunnelingMode = 0
TcpTunnelingPort = 10000
CertStore = 0
CertName =
CertPath =
CertSubjectName =
CertSerialHash = 00000000000000000000000000000000
SendCertChain = 0
VerifyCertDN =
DHGroup = 2
ForceKeepAlives = 0
PeerTimeout = 90
EnableLocalLAN = 1 // only reading because we dont want to do this
EnableSplitDNS = 1
EnableNAT = 1
*/
VpnAccountData::ConnectionType ConnType = VpnAccountData::cisco;
TQString ProfileName = TQFileInfo ( f->name().stripWhiteSpace().remove(".pcf").remove(".PCF") ).fileName();
acc = new VpnAccountData ( ConnType, Utils(this->GlobalConfig).removeSpecialCharsForFilename( ProfileName ));
TQString Description = config.readEntry( "Description", "" );
if (Description.isEmpty())
Description = config.readEntry("!Description",i18n("Profile imported from file %1.").arg(filename));
if (!Description.isEmpty())
{
if (GlobalConfig->KvpncDebugLevel > 0)
GlobalConfig->appendLogEntry(i18n("PCF import: description found: %1").arg(Description), GlobalConfig->debug);
acc->setDescription( Description );
}
TQString Gateway = config.readEntry( "Host", "" );
if (Gateway.isEmpty())
Gateway = config.readEntry( "!Host", "" );
if (!Gateway.isEmpty())
{
if (GlobalConfig->KvpncDebugLevel > 0)
GlobalConfig->appendLogEntry(i18n("PCF import: gateway found: %1").arg(Gateway), GlobalConfig->debug);
acc->setGateway( Gateway );
}
bool useApplicationVersion = false;
acc->setUseApplicationVersion( useApplicationVersion );
bool enableBackup = config.readBoolEntry( "EnableBackup" , FALSE );
TQString BackupServer = config.readEntry( "BackupServer", "" );
TQString GroupName = config.readEntry( "GroupName" , "" );
if (GroupName.isEmpty())
GroupName = config.readEntry( "!GroupName", "" );
if (GroupName.isEmpty())
GroupName = "importedProfile";
if (!GroupName.isEmpty())
{
if (GlobalConfig->KvpncDebugLevel > 0)
GlobalConfig->appendLogEntry(i18n("PCF import: group name found: %1").arg(GroupName), GlobalConfig->debug);
acc->setID( GroupName );
}
TQString NtDomain = config.readEntry( "NTDomain" );
if (NtDomain.isEmpty())
NtDomain = config.readEntry( "!NTDomain", "" );
if (!NtDomain.isEmpty())
{
if (GlobalConfig->KvpncDebugLevel > 0)
GlobalConfig->appendLogEntry(i18n("PCF import: NT domain found: %1").arg(NtDomain), GlobalConfig->debug);
acc->setNtDomainName( NtDomain );
}
bool enableMSLogon = config.readBoolEntry( "EnableMSLogon", FALSE );
bool useNtDomainName = false;
if ( enableMSLogon && !NtDomain.isEmpty() )
useNtDomainName = true;
TQString CertName = config.readEntry( "CertName", "" );
if (GlobalConfig->KvpncDebugLevel > 0)
GlobalConfig->appendLogEntry(i18n("PCF import: certificate name found: %1").arg(CertName), GlobalConfig->debug);
TQString CertPath = config.readEntry( "CertPath", "" );
TQString CertSubjectName = config.readEntry( "CertSubjectName", "" );
TQString CertSerialHash = config.readEntry( "CertSerialHash", "" );
// bool SendCertChain = config.readBoolEntry( "SendCertChain" , "" );
// bool VerifyCertDN = config.readBoolEntry( "VerifyCertDN", FALSE );
/*
0 = default, none
1 = Cisco
*/
bool useCertStore=false;
int CertStore = config.readNumEntry( "CertStore", -1 );
if (CertStore == 1)
useCertStore = true;
if (GlobalConfig->KvpncDebugLevel > 0)
GlobalConfig->appendLogEntry(i18n("PCF import: certificate should be stored into cisco cert store: %1").arg(TQString().setNum(int(useCertStore))), GlobalConfig->debug);
if (useCertStore)
{
// we have to import into the store
if (!CertName.isEmpty())
{
bool CertPathFound = false;
TQString CertFullPath = CertName;
if (!TQFile(CertFullPath).exists())
{
CertFullPath = CertPath+"/"+CertName;
if (!TQFile(CertFullPath).exists())
{
GlobalConfig->appendLogEntry(i18n("Cisco certificate import: cert not found, skipping."), GlobalConfig->error);
}
else
{
if (GlobalConfig->KvpncDebugLevel > 0)
GlobalConfig->appendLogEntry(i18n("Cisco certificate import: cert found at current path."), GlobalConfig->debug);
CertPathFound = true;
}
}
else
{
if (GlobalConfig->KvpncDebugLevel > 0)
GlobalConfig->appendLogEntry(i18n("Cisco certificate import: cert found at cert path."), GlobalConfig->debug);
CertPathFound = true;
}
if (CertPathFound)
{
TQStringList OldCiscoCerts = Utils(GlobalConfig).getCertsFromCiscoCertStore();
ImportCertificateDialog dlg( this, i18n( "Import certificate..." ).ascii(), GlobalConfig );
dlg.main->FilenameUrlrequester->setURL(CertFullPath);
dlg.main->ImporttypeComboBox->setCurrentItem(dlg.ciscouserca); // import user and ca cert
int result = dlg.exec();
if (result == TQDialog::Accepted)
{
acc->setUseCiscoCertStore(true);
TQStringList CiscoCerts = Utils(GlobalConfig).getCertsFromCiscoCertStore();
for ( TQStringList::Iterator ciscoit = CiscoCerts.begin(); ciscoit != CiscoCerts.end(); ++ciscoit )
{
if (OldCiscoCerts.findIndex(TQString(*ciscoit)) < 1 )
{
// if it was not in list, then its the new added one.
acc->setX509Certificate(*ciscoit);
break;
}
}
}
}
}
}
{
acc->setX509Certificate(CertName);
acc->setCertPath(CertPath);
}
int TcpTunnelingPort = config.readNumEntry( "TcpTunnelingPort", 10000 ); //std::cout << "tunneling port: " << TunnelingPort << std::endl;
/*
0, the default, specifies IPSec over UDP for NAT transparency
1 specifies IPSec over TCP for NAT transparency
*/
bool useUdp = config.readBoolEntry( "TunnelingMode", 0 );
acc->setUseUdp( useUdp );
int LocalPort=10000;
bool useLocalPort = false;
if (TcpTunnelingPort != 10000)
useLocalPort = true;
if (useLocalPort && useUdp == false)
{
acc->setLocalPort(LocalPort);
acc->setUseLocalPort(true);
}
// bool ForceKeepAlives = config.readBoolEntry( "ForceKeepAlives", FALSE );
// bool EnableLocalLAN = config.readBoolEntry( "EnableLocalLAN", FALSE ); // nur auslesen aber immer aus :)
// bool EnableSplitDNS = config.readBoolEntry( "EnableSplitDNS", FALSE );
if (useUdp == false)
{
// vpnc does not support TCP :(
acc->setConnectionType(VpnAccountData::cisco);
}
if (useUdp)
{
if (GlobalConfig->KvpncDebugLevel > 0)
GlobalConfig->appendLogEntry(i18n("PCF import: using %1 for tunneling").arg("UDP"), GlobalConfig->debug);
acc->setUseUdp( true);
}
else
{
if (GlobalConfig->KvpncDebugLevel > 0)
GlobalConfig->appendLogEntry(i18n("PCF import: using %1 for tunneling").arg("TCP"), GlobalConfig->debug);
acc->setUseUdp( false);
}
/*
0, the default, disables IPSec through NAT mode
1 enables IPSec through NAT mode
*/
bool enableNAT = config.readNumEntry("EnableNat", false);
if (enableNAT)
{
if (GlobalConfig->KvpncDebugLevel > 0)
GlobalConfig->appendLogEntry(i18n("PCF import: enable NAT mode: %1").arg(i18n("yes")), GlobalConfig->debug);
acc->setUseNat(true);
}
else
{
if (GlobalConfig->KvpncDebugLevel > 0)
GlobalConfig->appendLogEntry(i18n("PCF import: enable NAT mode: %1").arg(i18n("no")), GlobalConfig->debug);
acc->setUseNat(false);
}
bool useUdpPort= true;
// if ( TunnelingPort != 10000 )
// {
// useUdp=true; //FIXME: is this right? I guess its only on udp
// useUdpPort = true;
// }
TQString PerfectForwardSecrecy = ""; //TQString("dh"+TQString().setNum(DHGroup));
// bool usePerfectForwardSecrety = false;
bool usePerfectSecrecy = false;
acc->setPerfectForwardSecrety( PerfectForwardSecrecy );
acc->setUsePerfectForwardSecrety( usePerfectSecrecy );
bool useIkeGroup = false;
TQString IkeGroup;
int DHGroup = config.readNumEntry( "DHGroup", -1 );
if (DHGroup != -1 )
{
if (GlobalConfig->KvpncDebugLevel > 0)
GlobalConfig->appendLogEntry(i18n("PCF import: Diffie Hellman group found: %1").arg(TQString().setNum(DHGroup)), GlobalConfig->debug);
IkeGroup = "dh" + TQString().setNum( DHGroup ) ;
useIkeGroup = true;
acc->setIkeGroup( IkeGroup );
}
int PeerTimeout = config.readNumEntry( "PeerTimeout", -1 );
if (PeerTimeout > -1 )
{
if (GlobalConfig->KvpncDebugLevel > 0)
GlobalConfig->appendLogEntry(i18n("PCF import: peer timeout found: %1").arg(TQString().setNum(PeerTimeout)), GlobalConfig->debug);
// read minutes but store seconds
acc->setPeerTimeout( PeerTimeout*60 );
}
TQString Username = config.readEntry( "Username" , "" );
if (!Username.isEmpty())
{
if (GlobalConfig->KvpncDebugLevel > 0)
GlobalConfig->appendLogEntry(i18n("PCF import: user name found: %1").arg(Username), GlobalConfig->debug);
acc->setUserName( Username );
}
TQString UserPassword = config.readEntry( "UserPassword", "" );
if (UserPassword.isEmpty())
UserPassword = config.readEntry( "!UserPassword", "" );
if (!UserPassword.isEmpty())
{
if (GlobalConfig->KvpncDebugLevel > 0)
GlobalConfig->appendLogEntry(i18n("PCF import: clear text user password found: %1").arg(UserPassword), GlobalConfig->debug);
acc->setUserPassword( UserPassword );
}
TQString enc_UserPassword = config.readEntry( "enc_UserPassword", "" );
if (enc_UserPassword.isEmpty())
enc_UserPassword = config.readEntry( "!enc_UserPassword", "" );
if (!enc_UserPassword.isEmpty())
{
if (GlobalConfig->KvpncDebugLevel > 0)
GlobalConfig->appendLogEntry(i18n("PCF import: encrypted user password found: %1").arg(enc_UserPassword), GlobalConfig->debug);
}
CiscoPasswdDecoder dec (filename);
TQString userpasswd="";
TQString grouppasswd="";
dec.decodePasswords(userpasswd,grouppasswd);
// std::cout << "decoded userpasswd: " << userpasswd << std::endl;
// std::cout << "decoded grouppasswd: " << grouppasswd << std::endl;
bool saveUserPassword = config.readBoolEntry( "SaveUserPassword", FALSE );
if (saveUserPassword == false)
config.readBoolEntry( "!SaveUserPassword", FALSE );
if ( UserPassword.isEmpty() && userpasswd.isEmpty() )
saveUserPassword = false;
if (!userpasswd.isEmpty())
{
if (GlobalConfig->KvpncDebugLevel > 3)
GlobalConfig->appendLogEntry(i18n("PCF import: decrypted user password found: %1").arg(userpasswd), GlobalConfig->debug);
acc->setUserPassword( userpasswd );
}
if (GlobalConfig->KvpncDebugLevel > 0)
if (saveUserPassword)
GlobalConfig->appendLogEntry(i18n("PCF import: save user pass : %1").arg(i18n("yes")), GlobalConfig->debug);
else
GlobalConfig->appendLogEntry(i18n("PCF import: save user pass : %1").arg(i18n("no")), GlobalConfig->debug);
acc->setSaveUserPassword( saveUserPassword );
bool saveGroupPwd = true;
TQString GroupPwd = config.readEntry( "GroupPwd" , "" );
if (GroupPwd.isEmpty())
GroupPwd = config.readEntry( "!GroupPwd", "" );
if (!GroupPwd.isEmpty())
{
if (GlobalConfig->KvpncDebugLevel > 3)
GlobalConfig->appendLogEntry(i18n("PCF import: clear text group password found: %1").arg(GroupPwd), GlobalConfig->debug);
acc->setPreSharedKey( GroupPwd );
}
TQString enc_GroupPwd = config.readEntry( "enc_GroupPwd", "" );
if (enc_GroupPwd.isEmpty())
enc_GroupPwd = config.readEntry( "!enc_GroupPwd", "" );
if (!grouppasswd.isEmpty())
{
if (GlobalConfig->KvpncDebugLevel > 3)
GlobalConfig->appendLogEntry(i18n("PCF import: decrypted group password found: %1").arg(grouppasswd), GlobalConfig->debug);
acc->setPreSharedKey( grouppasswd );
}
if ( GroupPwd.isEmpty() && grouppasswd.isEmpty())
saveGroupPwd = false;
acc->setSavePsk( saveGroupPwd );
if ( Description.isEmpty() )
{
Description = ( TQUrl( filename ).fileName() );
Description = Utils(this->GlobalConfig).removeSpecialCharsForFilename( Description.left( filename.section('/',-1).length() - 4 ));
}
if ( GroupName.isEmpty() )
{
GroupName = Utils(this->GlobalConfig).removeSpecialCharsForFilename( GroupName.left( filename.section('/',-1).length() - 4 ));
}
/*
AuthType=
The authentication type of the user:
1 = Pre-shared keys (default)
3 = Digital Certificate using an RSA signature.
5 = Mutual authentication (hybrid)
*/
int AuthType = config.readNumEntry( "AuthType" , -1 );
if (AuthType==-1)
AuthType = config.readNumEntry( "!AuthType", -1 );
if (GlobalConfig->KvpncDebugLevel > 0)
if (AuthType ==1)
GlobalConfig->appendLogEntry(i18n("PCF import: authentication type found: %1").arg(i18n("PSK")), GlobalConfig->debug);
else if (AuthType ==3)
GlobalConfig->appendLogEntry(i18n("PCF import: authentication type found: %1").arg(i18n("certificate")), GlobalConfig->debug);
else if (AuthType ==5)
GlobalConfig->appendLogEntry(i18n("PCF import: authentication type found: %1").arg(i18n("hybrid")), GlobalConfig->debug);
else
GlobalConfig->appendLogEntry(i18n("PCF import: no authentication type found, assuming %1").arg(i18n("PSK")), GlobalConfig->debug);
if (AuthType == 3 || AuthType == 5)
{
// vpnc has no cert support :(
acc->setConnectionType (VpnAccountData::ciscoorig);
acc->setAuthType( VpnAccountData::cert);
if (!CertName.isEmpty())
acc->setX509Certificate(CertName);
}
else if (AuthType == 1 )
acc->setAuthType( VpnAccountData::psk);
else
acc->setAuthType( VpnAccountData::psk);
bool useGlobalIpsecSecret = false;
acc->setUseGlobalIpsecSecret( useGlobalIpsecSecret );
bool useSingleDes = false;
acc->setUseSingleDes( useSingleDes );
//acc->setUseAdvancedSettings( useAdvancedSettings );
acc->setUseAdvancedSettings( true );
/*
std::cout << Description
std::cout << Gateway
std::cout << AuthType
std::cout << GroupName
std::cout << GroupPwd
std::cout << enc_GroupPwd
std::cout << Username
std::cout << saveUserPassword
std::cout << UserPassword
std::cout << NtDomain
std::cout << bool enableBackup
std::cout << BackupServer
std::cout << bool enableMSLogon
std::cout << TunnelingMode
std::cout << TunnelingPort
std::cout << CertStore
std::cout << CertName
std::cout << CertPath
std::cout << CertSubjectName
std::cout << CertSerialHash
std::cout << SendCertChain
std::cout << VerifyCertDN
std::cout << DHGroup
std::cout << ForceKeepAlives
std::cout << PeerTimeout
std::cout << EnableLocalLAN
std::cout << EnableSplitDNS
std::cout << saveGroupPwd
std::cout << usePerfectSecrecy
std::cout << useSingleDes
std::cout << useLocalPort
std::cout << useNtDomainName
std::cout << useLocalPort
std::cout << IkeGroup
std::cout << PerfectForwardSecrecy
std::cout << useAdvancedSettings
*/
/*
acc.setName( Description );
acc.setGateway( Gateway );
acc.setID( GroupName );
acc.setGroupPassword( GroupPwd );
acc.setUserName( Username );
acc.setUserPassword( UserPassword );
acc.setSaveUserPassword( saveUserPassword );
acc.setSaveGroupPassword( true );
//acc.setIkeGroup( TQString IkeGroup );
acc.setPerfectForwardSecrety( TQString PerfectForwardSecrecy );
acc.setNtDomainName( TQString Name );
acc.setApplicationVersion( TQString version );
acc.setUseSingleDes( bool useSingleDes );
acc.setLocalPort( int port );
acc.setUseIkeGroup( bool useIkeGroup);
acc.setUsePerfectForwardSecrety(bool usePerfectForwardSecrety);
acc.setUseNtDomainName(bool useNtDomainName);
acc.setUseApplicationVersion(bool useApplicationVersion);
acc.setUseLocalPort(bool useLocalPort);
acc.setUseAdvancedSettings(bool useAdvancedSettings);
acc.setUseGlobalIpsecSecret(bool useGlobalIpsecSecret);
*/
importOk = true;
//std::cout << "accept" << std::endl;
TQDialog::accept();
}
#include "importprofiledialog.moc"