NetworkManager-libreswan/nm-secret-whack.patch

diff -urNp NetworkManager-openswan-0.8-orig/properties/nm-openswan.c NetworkManager-openswan-0.8/properties/nm-openswan.c
--- NetworkManager-openswan-0.8-orig/properties/nm-openswan.c	2010-06-04 17:50:13.000000000 -0400
+++ NetworkManager-openswan-0.8/properties/nm-openswan.c	2010-07-08 12:15:43.376302841 -0400
@@ -426,7 +426,7 @@ init_plugin_ui (OpenswanPluginUiWidget *
 	}
 	g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
 
-	widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton");
+	/*widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton");
 	g_return_val_if_fail (widget != NULL, FALSE);
 	if (s_vpn) {
 		value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT);
@@ -442,7 +442,7 @@ init_plugin_ui (OpenswanPluginUiWidget *
 				gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
 		}
 	}
-	g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self);
+	g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self);*/
 
 	widget = glade_xml_get_widget (priv->xml, "show_passwords_checkbutton");
 	g_return_val_if_fail (widget != NULL, FALSE);
@@ -530,20 +530,20 @@ update_connection (NMVpnPluginUiWidgetIn
 	if (str && strlen (str))
 		nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DOMAIN, str);
 
-	widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton");
-	if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) {
-		nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, "0");
-	} else {
+	//widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton");
+	//if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) {
+	//	nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, "0");
+	//} else {
 		/* If DPD was disabled and now the user wishes to enable it, just
 		 * don't pass the DPD_IDLE_TIMEOUT option to openswan and thus use the
 		 * default DPD idle time.  Otherwise keep the original DPD idle timeout.
 		 */
-		if (priv->orig_dpd_timeout >= 10) {
-			char *tmp = g_strdup_printf ("%d", priv->orig_dpd_timeout);
-			nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, tmp);
-			g_free (tmp);
-		}
-	}
+	//	if (priv->orig_dpd_timeout >= 10) {
+	//		char *tmp = g_strdup_printf ("%d", priv->orig_dpd_timeout);
+	//		nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, tmp);
+	//		g_free (tmp);
+	//	}
+	//}
 
 	upw_type = handle_one_pw_type (s_vpn, priv->xml, "user_pass_type_combo", NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES);
 	gpw_type = handle_one_pw_type (s_vpn, priv->xml, "group_pass_type_combo", NM_OPENSWAN_PSK_INPUT_MODES);
diff -urNp NetworkManager-openswan-0.8-orig/properties/nm-openswan-dialog.glade NetworkManager-openswan-0.8/properties/nm-openswan-dialog.glade
--- NetworkManager-openswan-0.8-orig/properties/nm-openswan-dialog.glade	2010-06-04 17:50:13.000000000 -0400
+++ NetworkManager-openswan-0.8/properties/nm-openswan-dialog.glade	2010-07-08 12:20:07.277052416 -0400
@@ -1,7 +1,7 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE glade-interface SYSTEM "glade-2.0.dtd">
-<!--*- mode: xml -*-->
+<?xml version="1.0"?>
 <glade-interface>
+  <!-- interface-requires gtk+ 2.6 -->
+  <!-- interface-naming-policy toplevel-contextual -->
   <widget class="GtkWindow" id="openswan-widget">
     <property name="title" translatable="yes">window1</property>
     <child>
@@ -23,6 +23,7 @@
               <packing>
                 <property name="expand">False</property>
                 <property name="fill">False</property>
+                <property name="position">0</property>
               </packing>
             </child>
             <child>
@@ -37,18 +38,6 @@
                     <property name="column_spacing">6</property>
                     <property name="row_spacing">6</property>
                     <child>
-                      <placeholder/>
-                    </child>
-                    <child>
-                      <placeholder/>
-                    </child>
-                    <child>
-                      <placeholder/>
-                    </child>
-                    <child>
-                      <placeholder/>
-                    </child>
-                    <child>
                       <widget class="GtkComboBox" id="group_pass_type_combo">
                         <property name="visible">True</property>
                         <property name="items" translatable="yes"> </property>
@@ -74,10 +63,10 @@
                     </child>
                     <child>
                       <widget class="GtkCheckButton" id="show_passwords_checkbutton">
+                        <property name="label" translatable="yes">Show passwords</property>
                         <property name="visible">True</property>
                         <property name="can_focus">True</property>
-                        <property name="label" translatable="yes">Show passwords</property>
-                        <property name="response_id">0</property>
+                        <property name="receives_default">False</property>
                         <property name="draw_indicator">True</property>
                       </widget>
                       <packing>
@@ -197,6 +186,18 @@
                         <property name="y_options"></property>
                       </packing>
                     </child>
+                    <child>
+                      <placeholder/>
+                    </child>
+                    <child>
+                      <placeholder/>
+                    </child>
+                    <child>
+                      <placeholder/>
+                    </child>
+                    <child>
+                      <placeholder/>
+                    </child>
                   </widget>
                 </child>
               </widget>
@@ -207,6 +208,7 @@
           </widget>
           <packing>
             <property name="expand">False</property>
+            <property name="position">0</property>
           </packing>
         </child>
         <child>
@@ -223,6 +225,7 @@
               <packing>
                 <property name="expand">False</property>
                 <property name="fill">False</property>
+                <property name="position">0</property>
               </packing>
             </child>
             <child>
@@ -237,47 +240,6 @@
                     <property name="column_spacing">6</property>
                     <property name="row_spacing">6</property>
                     <child>
-                      <placeholder/>
-                    </child>
-                    <child>
-                      <widget class="GtkCheckButton" id="disable_dpd_checkbutton">
-                        <property name="visible">True</property>
-                        <property name="can_focus">True</property>
-                        <property name="label" translatable="yes">Disable Dead Peer Detection</property>
-                        <property name="response_id">0</property>
-                        <property name="draw_indicator">True</property>
-                      </widget>
-                      <packing>
-                        <property name="left_attach">1</property>
-                        <property name="right_attach">2</property>
-                        <property name="top_attach">4</property>
-                        <property name="bottom_attach">5</property>
-                      </packing>
-                    </child>
-                    <child>
-                      <widget class="GtkComboBox" id="encryption_combo">
-                        <property name="visible">True</property>
-                        <property name="items" translatable="yes"> </property>
-                      </widget>
-                      <packing>
-                        <property name="left_attach">1</property>
-                        <property name="right_attach">2</property>
-                        <property name="top_attach">2</property>
-                        <property name="bottom_attach">3</property>
-                      </packing>
-                    </child>
-                    <child>
-                      <widget class="GtkLabel" id="label1">
-                        <property name="visible">True</property>
-                        <property name="xalign">0</property>
-                        <property name="label" translatable="yes">Encryption method:</property>
-                      </widget>
-                      <packing>
-                        <property name="top_attach">2</property>
-                        <property name="bottom_attach">3</property>
-                      </packing>
-                    </child>
-                    <child>
                       <widget class="GtkLabel" id="label26">
                         <property name="visible">True</property>
                         <property name="xalign">0</property>
@@ -326,27 +288,22 @@
                       </packing>
                     </child>
                     <child>
-                      <widget class="GtkLabel" id="label2">
-                        <property name="visible">True</property>
-                        <property name="xalign">0</property>
-                        <property name="label" translatable="yes">NAT traversal:</property>
-                      </widget>
-                      <packing>
-                        <property name="top_attach">3</property>
-                        <property name="bottom_attach">4</property>
-                      </packing>
+                      <placeholder/>
                     </child>
                     <child>
-                      <widget class="GtkComboBox" id="natt_combo">
-                        <property name="visible">True</property>
-                        <property name="items" translatable="yes"> </property>
-                      </widget>
-                      <packing>
-                        <property name="left_attach">1</property>
-                        <property name="right_attach">2</property>
-                        <property name="top_attach">3</property>
-                        <property name="bottom_attach">4</property>
-                      </packing>
+                      <placeholder/>
+                    </child>
+                    <child>
+                      <placeholder/>
+                    </child>
+                    <child>
+                      <placeholder/>
+                    </child>
+                    <child>
+                      <placeholder/>
+                    </child>
+                    <child>
+                      <placeholder/>
                     </child>
                   </widget>
                 </child>
diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkManager-openswan-0.8/src/nm-openswan-service.c
--- NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c	2010-06-04 17:50:13.000000000 -0400
+++ NetworkManager-openswan-0.8/src/nm-openswan-service.c	2010-07-08 16:05:26.372305285 -0400
@@ -218,6 +218,7 @@ openswan_watch_cb_auto (GPid pid, gint s
 
 
 static gint
+//nm_openswan_start_openswan_binary (NMSettingVPN *s_vpn, NMOPENSWANPlugin *plugin, GError **error)
 nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error)
 {
 	GPid	pid, pid_auto;
@@ -259,12 +260,14 @@ nm_openswan_start_openswan_binary (NMOPE
 
 	sleep(2);
 
-	/*ipsec auto --up <conn-name>*/
 	openswan_argv = g_ptr_array_new ();
 	g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary));
 	g_ptr_array_add (openswan_argv, (gpointer) "auto");
 	g_ptr_array_add (openswan_argv, (gpointer) "--up");
+	//g_ptr_array_add (openswan_argv, (gpointer) "--name");
 	g_ptr_array_add (openswan_argv, (gpointer) "nm-conn1");
+	//g_ptr_array_add (openswan_argv, (gpointer) "--xauthpass");
+	//g_ptr_array_add (openswan_argv, (gpointer) nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD));
 	g_ptr_array_add (openswan_argv, NULL);
 
 	if (!g_spawn_async_with_pipes (NULL, (char **) openswan_argv->pdata, NULL,
@@ -277,13 +280,13 @@ nm_openswan_start_openswan_binary (NMOPE
 	}
 	g_ptr_array_free (openswan_argv, TRUE);
 
-        nm_info ("openswan: ipsec auto started with pid %d", pid_auto);
+	nm_info ("openswan: ipsec auto started with pid %d", pid_auto);
 
-        NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto;
-        openswan_watch = g_child_watch_source_new (pid_auto);
-        g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL);
-        g_source_attach (openswan_watch, NULL);
-        g_source_unref (openswan_watch);
+	NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto;
+	openswan_watch = g_child_watch_source_new (pid_auto);
+	g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL);
+	g_source_attach (openswan_watch, NULL);
+	g_source_unref (openswan_watch);
 
 	return stdin_fd;
 }
@@ -365,7 +368,7 @@ write_one_property (const char *key, con
 		//write_config_option (info->fd, "%s %s\n", (char *) key, (char *) value);
 
                 if (!strcmp (key, NM_OPENSWAN_PSK_VALUE)) {
-		leftid=nm_setting_vpn_get_data_item (info->s_vpn, NM_OPENSWAN_LEFTID);
+		        leftid=nm_setting_vpn_get_data_item (info->s_vpn, NM_OPENSWAN_LEFTID);
                 write_config_option (info->secret_fd, "@%s: PSK \"%s\"\n", leftid, (char *) value);
                 }
 
@@ -426,8 +429,8 @@ nm_openswan_config_write (NMSettingVPN *
 	gint conf_fd=-1;
 	gint secret_fd=-1;
 
-        conf_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.conf", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
-        secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
+        conf_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.conf", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
+        secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
 
         fdtmp1 = conf_fd;
         if(fdtmp1 != -1) {
@@ -454,8 +457,10 @@ nm_openswan_config_write (NMSettingVPN *
         write_config_option (fdtmp1, " ike=aes-sha1\n");
         write_config_option (fdtmp1, " esp=aes-sha1;modp1024\n");
         write_config_option (fdtmp1, " nm_configured=yes\n");
-	//write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH);
+        //write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH);
         write_config_option (fdtmp1, " auto=add\n");
+        //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_VPN_SETTING_NAME));
+        //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_NAME));
 	}
 
 	//default_username = nm_setting_vpn_get_user_name (s_vpn);
@@ -514,8 +519,8 @@ real_connect (NMVPNPlugin   *plugin,
 	if (!nm_openswan_secrets_validate (s_vpn, error))
 		goto out;
 
-        if (!nm_openswan_config_write (s_vpn, error))
-                goto out;
+	if (!nm_openswan_config_write (s_vpn, error))
+		goto out;
 
 	openswan_fd = nm_openswan_start_openswan_binary (NM_OPENSWAN_PLUGIN (plugin), error);
 	if (openswan_fd < 0)
@@ -622,6 +627,9 @@ real_disconnect (NMVPNPlugin   *plugin,
         }
         g_ptr_array_free (openswan_argv, TRUE);
 
+        unlink("/etc/ipsec.d/ipsec-nm-conn1.conf");
+        unlink("/etc/ipsec.d/ipsec-nm-conn1.secrets");
+
 	return TRUE;
 }
 
diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service-helper.c NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c
--- NetworkManager-openswan-0.8-orig/src/nm-openswan-service-helper.c	2010-06-04 17:50:13.000000000 -0400
+++ NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c	2010-07-06 15:10:51.737035482 -0400
@@ -195,7 +195,7 @@ addr_list_to_gvalue (const char *str)
  * PLUTO_MY_SOURCEIP		-- address
  * PLUTO_CISCO_DNS_INFO         -- list of dns serverss
  * PLUTO_CISCO_DOMAIN_INFO      -- default domain name
- * PLUTO_SERVERBANNER           -- banner from server
+ * PLUTO_PEER_BANNER           -- banner from server
  *
  */
 int 
@@ -288,7 +288,7 @@ main (int argc, char *argv[])
 		g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DOMAIN, val);
 
 	/* Banner */
-	val = str_to_gvalue (getenv ("PLUTO_SERVERBANNER"), TRUE);
+	val = str_to_gvalue (getenv ("PLUTO_PEER_BANNER"), TRUE);
 	if (val)
 		g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_BANNER, val);