-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/102059/#review5005
-----------------------------------------------------------



settings/config/manageconnectionwidget.cpp
<http://git.reviewboard.kde.org/r/102059/#comment4428>

At this point, it would probably be best to let the plugins specify the file extensions. The method could return a QStringList, which ManageConnectionWidget would collect from all installed plugins, then join them to a QString and call KFileDialog.



vpnplugins/openvpn/openvpn.cpp
<http://git.reviewboard.kde.org/r/102059/#comment4427>

You're using these a lot here, without actually checking the return value, so regardless of what the user clicked, the import will continue. I think you'd need to introduce a new error type, like UserCanceled, and return an empty QVariantList after setting mError to this if Cancel was clicked (also, ManageConnectionWidget should recognize this error type and not display any additional pop-ups).



vpnplugins/openvpn/openvpn.cpp
<http://git.reviewboard.kde.org/r/102059/#comment4429>

According to http://openvpn.net/index.php/open-source/documentation/howto.html#examples user and group work only on non-Windows systems, also, we have no idea about the configuration of the system which will use the exported file, so user/group should probably be nobody, or we shouldn't write that out at all.


- Ilia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.kde.org/pipermail/kde-networkmanager/attachments/20110723/fb0b0585/attachment.htm

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/102059/#review5008
-----------------------------------------------------------



libs/ui/vpnuiplugin.h
<http://git.reviewboard.kde.org/r/102059/#comment4440>

I have access to one OpenVPN connection. Your patch works, I could export my connection, import it again and it still connects.


- Lamarque Vieira
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.kde.org/pipermail/kde-networkmanager/attachments/20110723/0c134af3/attachment.htm

Actually, that's not quite true. Yes, on old DOS-like systems you had the 8+3 rule, but any modern Windows system can handle arbitrary file names files with an arbitrary file extension (or none at all). Just look at for example XAMPP for Win, they're using the standard *.conf files for apache configuration. And according to http://openvpn.net/index.php/open-source/documentation/howto.html#install they are in fact using *.ovpn.
Do we need to change the main CMakeLists.txt, or the one of the OpenVPN plugin? Another question is if that's actually needed. The isEncrypted method is only used to set the flags for the cerficate password, but since we're calling the connection editor afterwards anyway, I think we can skip that part here, the user will then simply change the combo box as needed and the flags will be set when saving the connection. And from what I can tell (./configure --help from NM's sources) NM can be compiled with either Nss or GnuTLS, so Nss is not always installed.


- Ilia


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/102059/#review5004
-----------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.kde.org/pipermail/kde-networkmanager/attachments/20110723/8d548424/attachment-0001.htm

Ok then.
Actually it is vpnplugins/CMakeLists.txt, that is the one that selects which plugins are going to be compiled. The importing code must do everything automatically without user intervention, we cannot rely on user changing the combo box value before saving the configuration. If nss is not always used then we have a problem, we need to detect which one is installed and implement isEncrypted method with the one we find.


- Lamarque Vieira


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/102059/#review5004
-----------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.kde.org/pipermail/kde-networkmanager/attachments/20110723/44158886/attachment.htm

I'd still prefer keeping plugin-specific stuff in the OpenVPN-CMakeLists.txt.
The fact is, we already require user interaction by omitting any password flags, which defaults to None (saved by NM), so the combo box will be set to Store, and the user will have to change it to Not Required. If no user password is required or the certificate is unencrypted, the flags should be set to NotRequired. We could, of course, default to NotRequired for all certificates, that way not encrypted certificates would not require any interaction, while encrypted certificates, which require interaction anyway (either by typing in the password or by changing the combo box to Always ask), would require two mouse clicks more.
Oh, and Rajeesh, I noticed you changed the return type of exportConnectionSettings from void to bool, could you do that for the OpenConnect plugin, too?


- Ilia


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/102059/#review5004
-----------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.kde.org/pipermail/kde-networkmanager/attachments/20110723/30a5f774/attachment-0001.htm

Since this is needed only for a small part of the import code it can be done in vpnplugins/openvpn/CMakeLists.txt, but we will have to detect which implementation we will use, preferably the one used by NM.
We must use sane defaults when possible. This is an importing code, it is supposed to minimize user interaction as much as possible. Set the combo box value accordingly to the information we have: if the certificate is not encrypted than set the value to NotRequired. If it is encrypted set it to AlwaysAsk. If the user wants to save the password than he/she can change the combo box. In all cases if user starts to type a password and the combo box is different from Store then change the combo box to AlwaysAsk. Always Ask should be default unless user has configured it to Store. NotRequired is to be used only when there is no other option.


- Lamarque Vieira


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/102059/#review5004
-----------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.kde.org/pipermail/kde-networkmanager/attachments/20110723/7e4a90bd/attachment.htm

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/102059/
-----------------------------------------------------------

(Updated July 24, 2011, 2:42 p.m.)


Review request for Network Management.


Summary
-------

Caveat emptor: There is one unresolved issue with isEncrypted() function - we need to check of key file is PKCS12 format or not. nm-applet achieves this through a call to nm_setting_802_1x_set_private_key(). I've googled a lot, and looks like there is no way to check PKCS12 file format in either Qt or KDE.
If we are to add ad-hoc support via SEC_PKCS12DecoderStart and related functions from nss (which is what NetworkManager does), it wil introduce a new dependency on nss-devel.


This addresses bug 194099.
http://bugs.kde.org/show_bug.cgi?id=194099


Diffs (updated)
-----

libs/ui/vpnuiplugin.h 932d86f
settings/config/manageconnectionwidget.h 8f7a205
settings/config/manageconnectionwidget.cpp 780d50f
vpnplugins/novellvpn/novellvpn.h a95926b
vpnplugins/novellvpn/novellvpn.cpp 61d5519
vpnplugins/openconnect/openconnectui.h 8098aec
vpnplugins/openconnect/openconnectui.cpp 4d43afd
vpnplugins/openvpn/openvpn.h 4607cd5
vpnplugins/openvpn/openvpn.cpp 6f126b8
vpnplugins/pptp/pptp.h e513d3c
vpnplugins/pptp/pptp.cpp e4efbd7
vpnplugins/strongswan/strongswan.h d648217
vpnplugins/strongswan/strongswan.cpp 9d4a8be
vpnplugins/vpnc/vpnc.h 0b3f6db
vpnplugins/vpnc/vpnc.cpp ea24cf1

Diff: http://git.reviewboard.kde.org/r/102059/diff


Testing
-------

Only lightly tested, seems to import/export OK for sample configuration file. I don't have an OpenVPN connection, so it would be great if someone could test.


Thanks,

Rajeesh

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.kde.org/pipermail/kde-networkmanager/attachments/20110724/fe9062bf/attachment.htm

I've changed Knm::Setting::AgentOwned to Knm::Setting::NotSaved by default.
Not sure how to go about is_pkcs12 check; I'm in favour of Ilia to drop the check altogether; considering if the complexity is really worth it.


- Rajeesh


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/102059/#review5004
-----------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.kde.org/pipermail/kde-networkmanager/attachments/20110724/b9c068dc/attachment.htm

It seems NM is smart enough to not ask for certificate's password when the certificate in not encrypted even when we set the password flag to NotSaved. So everything seems Ok here.


- Lamarque Vieira


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/102059/#review5004
-----------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.kde.org/pipermail/kde-networkmanager/attachments/20110724/484d6010/attachment-0001.htm

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/102059/#review5004
-----------------------------------------------------------



vpnplugins/openvpn/openvpn.cpp
<http://git.reviewboard.kde.org/r/102059/#comment4439>

There is no problem in adding nss-devel as dependency. Nss is also used by NetworkManager, so it is already installed. We just need to change the main CMakeLists.txt to look for it and disable openvpn importing/exporting if it is not installed and emmit a warning when that happen.



vpnplugins/openvpn/openvpn.cpp
<http://git.reviewboard.kde.org/r/102059/#comment4417>

Using spaces and parenthesis in files names in Unix-like systems is no good. Change then to underscore instead: _.



vpnplugins/openvpn/openvpn.cpp
<http://git.reviewboard.kde.org/r/102059/#comment4434>

You should not try to import a file whose extension is not supported (.ovpn and *.conf this this case). Windows does not support file extensions with more than three characters, do you know what is the extension they use?



vpnplugins/openvpn/openvpn.cpp
<http://git.reviewboard.kde.org/r/102059/#comment4419>

Extend this warning message by adding the number of arguments found and the expected number (or range).



vpnplugins/openvpn/openvpn.cpp
<http://git.reviewboard.kde.org/r/102059/#comment4418>

Extend this warning message by adding the number of arguments found and the expected number (or range).



vpnplugins/openvpn/openvpn.cpp
<http://git.reviewboard.kde.org/r/102059/#comment4420>

Extend this warning message by adding the size found and the expected size.



vpnplugins/openvpn/openvpn.cpp
<http://git.reviewboard.kde.org/r/102059/#comment4421>

Extend this warning message by adding the number of arguments found and the expected number (or range).



vpnplugins/openvpn/openvpn.cpp
<http://git.reviewboard.kde.org/r/102059/#comment4422>

Extend this warning message by adding the size found and the expected size.



vpnplugins/openvpn/openvpn.cpp
<http://git.reviewboard.kde.org/r/102059/#comment4423>

Extend this warning message by adding the number of arguments found and the expected number (or range).



vpnplugins/openvpn/openvpn.cpp
<http://git.reviewboard.kde.org/r/102059/#comment4424>

Extend this warning message by adding the size found and the expected size.



vpnplugins/openvpn/openvpn.cpp
<http://git.reviewboard.kde.org/r/102059/#comment4425>

Extend this warning message by adding the number of arguments found and the expected number (or range).



vpnplugins/openvpn/openvpn.cpp
<http://git.reviewboard.kde.org/r/102059/#comment4426>

Extend this warning message by adding the number of arguments found and the expected number (or range).



vpnplugins/openvpn/openvpn.cpp
<http://git.reviewboard.kde.org/r/102059/#comment4435>

Extend this warning message by adding the number of arguments found and the expected number (or range).



vpnplugins/openvpn/openvpn.cpp
<http://git.reviewboard.kde.org/r/102059/#comment4436>

Extend this warning message by adding the number of arguments found and the expected number (or range).



vpnplugins/openvpn/openvpn.cpp
<http://git.reviewboard.kde.org/r/102059/#comment4437>

Better not use contraction ("wasn't") in formal text. I think we can change this text to "File %1 is not a valid OpenVPN's client configuration file".



vpnplugins/openvpn/openvpn.cpp
<http://git.reviewboard.kde.org/r/102059/#comment4438>

"File %1 is not a valid OpenVPN configuration file (no remote)"


- Lamarque Vieira
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-networkmanager/attachments/20110723/9e0a43e7/attachment-0001.html>