From 08f137fc1113b3a85c99a3e89a920c3a088d8a31 Mon Sep 17 00:00:00 2001 From: Avesh Agarwal Date: Tue, 10 Dec 2013 17:51:36 -0500 Subject: [PATCH] New upstream release 0.9.8.4 - Fixed 926225 - Fixed dependency to libreswan. - Created a new sub package NetworkManager-openswan-gnome - Various other spec file fixes. - Additional code changes are as follows: - Fixed an issue where proper network stack is not loaded unless _stackmanager is run before starting pluto daemon service. - Fixed the termination operation of pluto daemon to comply with libreswan changes. - Fixed various debug messages. - Fixed initiation of pluto daemon by this plugin to reflect the changes in libreaswan. - Fixed defaults values for more parameters to help the VPN connection stay more reliable. - Rewrote pluto watch API which watches the pluto process for its status. Fixed memory leak issues as not all child processes were reaped correctly. Also g_spwan_close_pid was not being called after children were reaped. Also modified debugs and added more to help with debugging in the future. - Fixed an issue where nm-openswan service is searching for ipsec binary in both /sbin and /usr/sbin leading to same operation twice, as /sbin is just symlink to /usr/sbin, so removed /sbin from the search paths. - Fixed some libreswan related macro changes. - Fixed netmask issue when sending IP information to the nm openswan plugin service. - Fixed the current code as it does not set the default route field NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT when sending VPN information to nm-openswan plugin. This fix sets the field to TRUE. - Fixed some issues found by coverity scan. - Fixed an issue where writing configuration on stdin should not end with \n as it gives error. It used to work previously, but not with latest NetworkManager versions. - libreswan related fixes, as some macros have been modified after forking to libreswan from openswan. - openswan/libreswan does not provide tun0 interface, so fixed the code where it sends tun0 interface. - Fix prcoessing of nm-openswan-dialog.ui file and added more error notifications. - Fixed dead code based on coverity scan. - Fixed gnomekeyring lib dependencies. - Fixed Networkmanager and related lib dependencies. - Fixed gtk label max width issue by setting it to 35. - NM-openswan was missing support for nm-openswan-auth-dialog.desktop.in.in. So added a new nm-openswan-auth-dialog.desktop.in.in, and modified related Makefile and configure.ac files. --- .gitignore | 2 + ...missing-support-for-nm-openswan-auth.patch | 67 +++++++ ...-max-width-issue-by-setting-it-to-35.patch | 33 ++++ ...manager-and-related-lib-dependencies.patch | 31 ++++ ...-Fixed-gnomekeyring-lib-dependencies.patch | 34 ++++ ...xed-dead-code-based-on-coverity-scan.patch | 145 +++++++++++++++ ...f-nm-openswan-dialog.ui-file-and-add.patch | 59 ++++++ ...an-does-not-provide-tun0-interface-s.patch | 98 ++++++++++ ...d-fixes-as-some-macros-have-been-mod.patch | 52 ++++++ ...here-writing-configuration-on-stdin-.patch | 28 +++ 0010-Fixed-more-coverity-scan-issues.patch | 175 ++++++++++++++++++ ...t-code-as-it-does-not-set-the-defaul.patch | 55 ++++++ ...sue-when-sending-IP-information-to-t.patch | 36 ++++ ...Fixed-more-libreswan-related-changes.patch | 68 +++++++ ...here-nm-openswan-service-is-searchin.patch | 27 +++ ...tch-API-which-watches-the-pluto-proc.patch | 131 +++++++++++++ ...alues-for-more-parameters-to-help-th.patch | 28 +++ ...-of-pluto-daemon-by-this-plugin-to-r.patch | 50 +++++ 0018-Fixed-various-debug-messages.patch | 103 +++++++++++ ...ation-operation-of-pluto-daemon-to-c.patch | 44 +++++ ...here-proper-network-stack-is-not-loa.patch | 39 ++++ NetworkManager-openswan.spec | 141 ++++++++++++-- sources | 4 +- 23 files changed, 1437 insertions(+), 13 deletions(-) create mode 100644 0001-NM-openswan-was-missing-support-for-nm-openswan-auth.patch create mode 100644 0002-Fixed-gtk-label-max-width-issue-by-setting-it-to-35.patch create mode 100644 0003-Fixed-Networkmanager-and-related-lib-dependencies.patch create mode 100644 0004-Fixed-gnomekeyring-lib-dependencies.patch create mode 100644 0005-Fixed-dead-code-based-on-coverity-scan.patch create mode 100644 0006-Fix-prcoessing-of-nm-openswan-dialog.ui-file-and-add.patch create mode 100644 0007-openswan-libreswan-does-not-provide-tun0-interface-s.patch create mode 100644 0008-libreswan-related-fixes-as-some-macros-have-been-mod.patch create mode 100644 0009-Fixed-an-issue-where-writing-configuration-on-stdin-.patch create mode 100644 0010-Fixed-more-coverity-scan-issues.patch create mode 100644 0011-Fixed-the-current-code-as-it-does-not-set-the-defaul.patch create mode 100644 0012-Fixed-netmask-issue-when-sending-IP-information-to-t.patch create mode 100644 0013-Fixed-more-libreswan-related-changes.patch create mode 100644 0014-Fixed-an-issue-where-nm-openswan-service-is-searchin.patch create mode 100644 0015-Rewrite-pluto-watch-API-which-watches-the-pluto-proc.patch create mode 100644 0016-Fixed-defaults-values-for-more-parameters-to-help-th.patch create mode 100644 0017-Fixed-initiation-of-pluto-daemon-by-this-plugin-to-r.patch create mode 100644 0018-Fixed-various-debug-messages.patch create mode 100644 0019-Fixed-the-termination-operation-of-pluto-daemon-to-c.patch create mode 100644 0020-Fixed-an-issue-where-proper-network-stack-is-not-loa.patch diff --git a/.gitignore b/.gitignore index 6f4e6a5..ae1f9c7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ NetworkManager-openswan-0.8.tar.gz /NetworkManager-openswan-0.9.8.0.sha256sum /NetworkManager-openswan-0.9.8.0.tar.xz +/NetworkManager-openswan-0.9.8.4.sha256sum +/NetworkManager-openswan-0.9.8.4.tar.xz diff --git a/0001-NM-openswan-was-missing-support-for-nm-openswan-auth.patch b/0001-NM-openswan-was-missing-support-for-nm-openswan-auth.patch new file mode 100644 index 0000000..e745bde --- /dev/null +++ b/0001-NM-openswan-was-missing-support-for-nm-openswan-auth.patch @@ -0,0 +1,67 @@ +From ce807219123614d8496b29b591b8147dc190db54 Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 13:38:23 -0500 +Subject: [PATCH 01/20] NM-openswan was missing support for + nm-openswan-auth-dialog.desktop.in.in. So added a new + nm-openswan-auth-dialog.desktop.in.in, and modified related Makefile and + configure.ac files. + +--- + auth-dialog/Makefile.am | 15 ++++++++++++++- + auth-dialog/nm-openswan-auth-dialog.desktop.in.in | 7 +++++++ + configure.ac | 1 + + 3 files changed, 22 insertions(+), 1 deletion(-) + create mode 100644 auth-dialog/nm-openswan-auth-dialog.desktop.in.in + +diff --git a/auth-dialog/Makefile.am b/auth-dialog/Makefile.am +index 4b5a01d..d1e8711 100644 +--- a/auth-dialog/Makefile.am ++++ b/auth-dialog/Makefile.am +@@ -22,5 +22,18 @@ nm_openswan_auth_dialog_LDADD = \ + $(GTK_LIBS) \ + $(GNOMEKEYRING_LIBS) + +-CLEANFILES = *~ ++@INTLTOOL_DESKTOP_RULE@ ++desktopdir = $(datadir)/applications ++desktop_in_in_files = nm-openswan-auth-dialog.desktop.in.in ++desktop_in_files = nm-openswan-auth-dialog.desktop.in ++desktop_DATA = $(desktop_in_files:.desktop.in=.desktop) + ++EXTRA_DIST = \ ++ $(desktop_in_in_files) ++ ++CLEANFILES = \ ++ *~ \ ++ $(desktop_DATA) ++ ++DISTCLEANFILES = \ ++ $(desktop_in_files) +diff --git a/auth-dialog/nm-openswan-auth-dialog.desktop.in.in b/auth-dialog/nm-openswan-auth-dialog.desktop.in.in +new file mode 100644 +index 0000000..9c91b6b +--- /dev/null ++++ b/auth-dialog/nm-openswan-auth-dialog.desktop.in.in +@@ -0,0 +1,7 @@ ++[Desktop Entry] ++_Name=Network ++_Comment=Request VPN authentication ++Exec=@LIBEXECDIR@/nm-openswan-auth-dialog ++Terminal=false ++Type=Application ++NoDisplay=true +diff --git a/configure.ac b/configure.ac +index b214ef7..10af655 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -114,6 +114,7 @@ AC_CONFIG_FILES([ + Makefile + src/Makefile + auth-dialog/Makefile ++auth-dialog/nm-openswan-auth-dialog.desktop.in + properties/Makefile + po/Makefile.in + ]) +-- +1.8.3.1 + diff --git a/0002-Fixed-gtk-label-max-width-issue-by-setting-it-to-35.patch b/0002-Fixed-gtk-label-max-width-issue-by-setting-it-to-35.patch new file mode 100644 index 0000000..8cc7230 --- /dev/null +++ b/0002-Fixed-gtk-label-max-width-issue-by-setting-it-to-35.patch @@ -0,0 +1,33 @@ +From fc10d570b9291e687e4b1dfbfcf8c5c8f5f38f02 Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 13:39:57 -0500 +Subject: [PATCH 02/20] Fixed gtk label max width issue by setting it to 35. + +--- + auth-dialog/vpn-password-dialog.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/auth-dialog/vpn-password-dialog.c b/auth-dialog/vpn-password-dialog.c +index 9fa2509..685e17e 100644 +--- a/auth-dialog/vpn-password-dialog.c ++++ b/auth-dialog/vpn-password-dialog.c +@@ -29,6 +29,8 @@ + #include + #include + ++#include "src/nm-openswan-service.h" ++ + G_DEFINE_TYPE (VpnPasswordDialog, vpn_password_dialog, GTK_TYPE_DIALOG) + + #define VPN_PASSWORD_DIALOG_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), \ +@@ -278,6 +280,7 @@ vpn_password_dialog_new (const char *title, + message_label = GTK_LABEL (gtk_label_new (message)); + gtk_label_set_justify (message_label, GTK_JUSTIFY_LEFT); + gtk_label_set_line_wrap (message_label, TRUE); ++ gtk_label_set_max_width_chars (message_label, 35); + gtk_size_group_add_widget (priv->group, GTK_WIDGET (message_label)); + gtk_box_pack_start (GTK_BOX (main_vbox), GTK_WIDGET (message_label), FALSE, FALSE, 0); + gtk_size_group_add_widget (priv->group, priv->table_alignment); +-- +1.8.3.1 + diff --git a/0003-Fixed-Networkmanager-and-related-lib-dependencies.patch b/0003-Fixed-Networkmanager-and-related-lib-dependencies.patch new file mode 100644 index 0000000..0cc7ecc --- /dev/null +++ b/0003-Fixed-Networkmanager-and-related-lib-dependencies.patch @@ -0,0 +1,31 @@ +From d39ea5f4a0d3048c5109550833ce8af743540a0e Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 13:41:36 -0500 +Subject: [PATCH 03/20] Fixed Networkmanager and related lib dependencies. + +--- + configure.ac | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 10af655..27e2242 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -66,10 +66,10 @@ AC_SUBST(DBUS_CFLAGS) + AC_SUBST(DBUS_LIBS) + + PKG_CHECK_MODULES(NM, +- NetworkManager >= 0.9.6 +- libnm-util >= 0.9.6 +- libnm-glib >= 0.9.6 +- libnm-glib-vpn >= 0.9.6) ++ NetworkManager >= 0.9.8 ++ libnm-util >= 0.9.8 ++ libnm-glib >= 0.9.8 ++ libnm-glib-vpn >= 0.9.8) + AC_SUBST(NM_CFLAGS) + AC_SUBST(NM_LIBS) + +-- +1.8.3.1 + diff --git a/0004-Fixed-gnomekeyring-lib-dependencies.patch b/0004-Fixed-gnomekeyring-lib-dependencies.patch new file mode 100644 index 0000000..160d39c --- /dev/null +++ b/0004-Fixed-gnomekeyring-lib-dependencies.patch @@ -0,0 +1,34 @@ +From 41fd9ad25736659b3a465630bca7da294b1204e5 Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 13:42:50 -0500 +Subject: [PATCH 04/20] Fixed gnomekeyring lib dependencies. + +--- + properties/Makefile.am | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/properties/Makefile.am b/properties/Makefile.am +index f599e21..abbf208 100644 +--- a/properties/Makefile.am ++++ b/properties/Makefile.am +@@ -12,6 +12,7 @@ ui_DATA = nm-openswan-dialog.ui + + libnm_openswan_properties_la_CPPFLAGS = \ + $(GTK_CFLAGS) \ ++ $(GNOMEKEYRING_CFLAGS) \ + $(NM_CFLAGS) \ + -DICONDIR=\""$(datadir)/pixmaps"\" \ + -DUIDIR=\""$(uidir)"\" \ +@@ -22,7 +23,8 @@ libnm_openswan_properties_la_CPPFLAGS = \ + + libnm_openswan_properties_la_LIBADD = \ + $(GTK_LIBS) \ +- $(NM_LIBS) ++ $(NM_LIBS) \ ++ $(GNOMEKEYRING_LIBS) + + libnm_openswan_properties_la_LDFLAGS = \ + -avoid-version +-- +1.8.3.1 + diff --git a/0005-Fixed-dead-code-based-on-coverity-scan.patch b/0005-Fixed-dead-code-based-on-coverity-scan.patch new file mode 100644 index 0000000..18fa120 --- /dev/null +++ b/0005-Fixed-dead-code-based-on-coverity-scan.patch @@ -0,0 +1,145 @@ +From ff5dfb0a75d4312ddc923dff637ad180266ff923 Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 13:44:24 -0500 +Subject: [PATCH 05/20] Fixed dead code based on coverity scan. + +--- + properties/nm-openswan.c | 94 ++++++++++++++++-------------------------------- + 1 file changed, 31 insertions(+), 63 deletions(-) + +diff --git a/properties/nm-openswan.c b/properties/nm-openswan.c +index 75acedd..c13de36 100644 +--- a/properties/nm-openswan.c ++++ b/properties/nm-openswan.c +@@ -158,6 +158,36 @@ stuff_changed_cb (GtkWidget *widget, gpointer user_data) + } + + static void ++setup_password_widget (OpenswanPluginUiWidget *self, ++ const char *entry_name, ++ NMSettingVPN *s_vpn, ++ const char *secret_name, ++ gboolean new_connection) ++{ ++ OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); ++ NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE; ++ GtkWidget *widget; ++ const char *value; ++ ++ if (new_connection) ++ secret_flags = NM_SETTING_SECRET_FLAG_AGENT_OWNED; ++ ++ widget = (GtkWidget *) gtk_builder_get_object (priv->builder, entry_name); ++ g_assert (widget); ++ gtk_size_group_add_widget (priv->group, widget); ++ ++ if (s_vpn) { ++ value = nm_setting_vpn_get_secret (s_vpn, secret_name); ++ gtk_entry_set_text (GTK_ENTRY (widget), value ? value : ""); ++ nm_setting_get_secret_flags (NM_SETTING (s_vpn), secret_name, &secret_flags, NULL); ++ } ++ secret_flags &= ~(NM_SETTING_SECRET_FLAG_NOT_SAVED | NM_SETTING_SECRET_FLAG_NOT_REQUIRED); ++ g_object_set_data (G_OBJECT (widget), "flags", GUINT_TO_POINTER (secret_flags)); ++ ++ g_signal_connect (widget, "changed", G_CALLBACK (stuff_changed_cb), self); ++} ++ ++static void + show_toggled_cb (GtkCheckButton *button, OpenswanPluginUiWidget *self) + { + OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); +@@ -301,35 +331,6 @@ init_one_pw_combo (OpenswanPluginUiWidget *self, + g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (pw_type_combo_changed_cb), self); + } + +-static void +-setup_password_widget (OpenswanPluginUiWidget *self, +- const char *entry_name, +- NMSettingVPN *s_vpn, +- const char *secret_name, +- gboolean new_connection) +-{ +- OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); +- NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE; +- GtkWidget *widget; +- const char *value; +- +- if (new_connection) +- secret_flags = NM_SETTING_SECRET_FLAG_AGENT_OWNED; +- +- widget = (GtkWidget *) gtk_builder_get_object (priv->builder, entry_name); +- g_assert (widget); +- gtk_size_group_add_widget (priv->group, widget); +- +- if (s_vpn) { +- value = nm_setting_vpn_get_secret (s_vpn, secret_name); +- gtk_entry_set_text (GTK_ENTRY (widget), value ? value : ""); +- nm_setting_get_secret_flags (NM_SETTING (s_vpn), secret_name, &secret_flags, NULL); +- } +- secret_flags &= ~(NM_SETTING_SECRET_FLAG_NOT_SAVED | NM_SETTING_SECRET_FLAG_NOT_REQUIRED); +- g_object_set_data (G_OBJECT (widget), "flags", GUINT_TO_POINTER (secret_flags)); +- +- g_signal_connect (widget, "changed", G_CALLBACK (stuff_changed_cb), self); +-} + + static gboolean + init_plugin_ui (OpenswanPluginUiWidget *self, +@@ -338,7 +339,7 @@ init_plugin_ui (OpenswanPluginUiWidget *self, + GError **error) + { + OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); +- NMSettingVPN *s_vpn; ++ NMSettingVPN *s_vpn = NULL; + GtkWidget *widget; + const char *value = NULL; + +@@ -435,24 +436,6 @@ init_plugin_ui (OpenswanPluginUiWidget *self, + } + g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); + +- /*widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "disable_dpd_checkbutton")); +- g_return_val_if_fail (widget != NULL, FALSE); +- if (s_vpn) { +- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT); +- if (value) { +- long int tmp; +- +- errno = 0; +- tmp = strtol (value, NULL, 10); +- if (tmp >= 0 && tmp <= G_MAXUINT32 && errno == 0) +- priv->orig_dpd_timeout = (guint32) tmp; +- +- if (priv->orig_dpd_timeout == 0) +- gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); +- } +- } +- g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self);*/ +- + widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "show_passwords_checkbutton")); + g_return_val_if_fail (widget != NULL, FALSE); + g_signal_connect (G_OBJECT (widget), "toggled", +@@ -563,21 +546,6 @@ update_connection (NMVpnPluginUiWidgetInterface *iface, + if (str && strlen (str)) + nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DOMAIN, str); + +- //widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "disable_dpd_checkbutton")); +- //if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) { +- // nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, "0"); +- //} else { +- /* If DPD was disabled and now the user wishes to enable it, just +- * don't pass the DPD_IDLE_TIMEOUT option to openswan and thus use the +- * default DPD idle time. Otherwise keep the original DPD idle timeout. +- */ +- // if (priv->orig_dpd_timeout >= 10) { +- // char *tmp = g_strdup_printf ("%d", priv->orig_dpd_timeout); +- // nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, tmp); +- // g_free (tmp); +- // } +- //} +- + save_one_password (s_vpn, + priv->builder, + "user_password_entry", +-- +1.8.3.1 + diff --git a/0006-Fix-prcoessing-of-nm-openswan-dialog.ui-file-and-add.patch b/0006-Fix-prcoessing-of-nm-openswan-dialog.ui-file-and-add.patch new file mode 100644 index 0000000..5ac53d5 --- /dev/null +++ b/0006-Fix-prcoessing-of-nm-openswan-dialog.ui-file-and-add.patch @@ -0,0 +1,59 @@ +From bc55d220fe7fe7b377aa21d1e2c153d54716e4ec Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 13:50:05 -0500 +Subject: [PATCH 06/20] Fix prcoessing of nm-openswan-dialog.ui file and added + more error notifications. + +--- + properties/nm-openswan.c | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +diff --git a/properties/nm-openswan.c b/properties/nm-openswan.c +index c13de36..e164e85 100644 +--- a/properties/nm-openswan.c ++++ b/properties/nm-openswan.c +@@ -462,7 +462,7 @@ save_one_password (NMSettingVPN *s_vpn, + const char *secret_key, + const char *type_key) + { +- NMSettingSecretFlags flags; ++ NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE; + const char *data_val = NULL, *password; + GtkWidget *entry, *combo; + +@@ -577,6 +577,7 @@ nm_vpn_plugin_ui_widget_interface_new (NMConnection *connection, GError **error) + { + NMVpnPluginUiWidgetInterface *object; + OpenswanPluginUiWidgetPrivate *priv; ++ char *ui_file; + NMSettingVPN *s_vpn; + gboolean is_new = TRUE; + +@@ -591,15 +592,23 @@ nm_vpn_plugin_ui_widget_interface_new (NMConnection *connection, GError **error) + + priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (object); + ++ ui_file = g_strdup_printf ("%s/%s", UIDIR, "nm-openswan-dialog.ui"); + priv->builder = gtk_builder_new (); + g_assert (priv->builder); + + gtk_builder_set_translation_domain (priv->builder, GETTEXT_PACKAGE); + +- if (gtk_builder_add_from_file (priv->builder, UIDIR "/nm-openswan-dialog.ui", error) == 0) { ++ if (!gtk_builder_add_from_file (priv->builder, ui_file, error)) { ++ g_warning ("Couldn't load builder file: %s", ++ error && *error ? (*error)->message : "(unknown)"); ++ g_clear_error (error); ++ g_set_error (error, OPENSWAN_PLUGIN_UI_ERROR, 0, ++ "could not load required resources at %s", ui_file); ++ g_free (ui_file); + g_object_unref (object); + return NULL; + } ++ g_free (ui_file); + + priv->widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "openswan-vbox")); + if (!priv->widget) { +-- +1.8.3.1 + diff --git a/0007-openswan-libreswan-does-not-provide-tun0-interface-s.patch b/0007-openswan-libreswan-does-not-provide-tun0-interface-s.patch new file mode 100644 index 0000000..d1f6ad5 --- /dev/null +++ b/0007-openswan-libreswan-does-not-provide-tun0-interface-s.patch @@ -0,0 +1,98 @@ +From db46fa8f456b7b21ad259ffab4a5b4e51e8c5809 Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 13:58:50 -0500 +Subject: [PATCH 07/20] openswan/libreswan does not provide tun0 interface, so + fixed the code where it sends tun0 interface. + +--- + src/nm-openswan-service-helper.c | 26 ++++++++++++++++++++------ + src/nm-openswan-service.h | 4 ++++ + 2 files changed, 24 insertions(+), 6 deletions(-) + +diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c +index d0b4e19..35cd9d9 100644 +--- a/src/nm-openswan-service-helper.c ++++ b/src/nm-openswan-service-helper.c +@@ -202,12 +202,13 @@ int + main (int argc, char *argv[]) + { + DBusGConnection *connection; +- char *tmp; ++ char *tmp=NULL; + GHashTable *config; + GValue *val; + GError *err = NULL; +- //struct in_addr temp_addr; ++ struct in_addr temp_addr; + //long int mtu = 1412; ++ char nmask[16]="255.255.255.255"; + + #if !GLIB_CHECK_VERSION (2, 35, 0) + g_type_init (); +@@ -237,13 +238,25 @@ main (int argc, char *argv[]) + else + helper_failed (connection, "Openswan Pluto Right Peer (VPN Gateway)"); + ++ ++ /* ++ * Tunnel device ++ * Indicate that openswan plugin doesn't use tun/tap device ++ */ ++ val = g_slice_new0 (GValue); ++ g_value_init (val, G_TYPE_STRING); ++ g_value_set_string (val, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV_NONE); ++ g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val); ++ ++#if 0 + /* Tunnel device */ + //val = str_to_gvalue (getenv ("TUNDEV"), FALSE); +- val = str_to_gvalue ("tun0", FALSE); ++ //val = str_to_gvalue ("tun0", FALSE); + if (val) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val); + else + helper_failed (connection, "Tunnel Device"); ++#endif + + /* IP address */ + val = addr_to_gvalue (getenv ("PLUTO_MY_SOURCEIP")); +@@ -258,9 +271,10 @@ main (int argc, char *argv[]) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PTP, val); + else + helper_failed (connection, "IP4 PTP Address"); +-#if 0 ++//#if 0 + /* Netmask */ +- tmp = getenv ("INTERNAL_IP4_NETMASK"); ++ //tmp = getenv ("INTERNAL_IP4_NETMASK"); ++ tmp = nmask; + if (tmp && inet_pton (AF_INET, tmp, &temp_addr) > 0) { + GValue *value; + +@@ -270,7 +284,7 @@ main (int argc, char *argv[]) + + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, value); + } +-#endif ++//#endif + + /* DNS */ + val = addr_list_to_gvalue (getenv ("PLUTO_CISCO_DNS_INFO")); +diff --git a/src/nm-openswan-service.h b/src/nm-openswan-service.h +index cd79b43..0b6022d 100644 +--- a/src/nm-openswan-service.h ++++ b/src/nm-openswan-service.h +@@ -54,6 +54,10 @@ + #define NM_OPENSWAN_PW_TYPE_ASK "ask" + #define NM_OPENSWAN_PW_TYPE_UNUSED "unused" + ++#ifndef NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV_NONE ++#define NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV_NONE "_none_" ++#endif ++ + typedef struct { + NMVPNPlugin parent; + } NMOPENSWANPlugin; +-- +1.8.3.1 + diff --git a/0008-libreswan-related-fixes-as-some-macros-have-been-mod.patch b/0008-libreswan-related-fixes-as-some-macros-have-been-mod.patch new file mode 100644 index 0000000..035f61d --- /dev/null +++ b/0008-libreswan-related-fixes-as-some-macros-have-been-mod.patch @@ -0,0 +1,52 @@ +From 571c3af579c5753b82aab522486b6af45b27d7d8 Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 14:01:00 -0500 +Subject: [PATCH 08/20] libreswan related fixes, as some macros have been + modified after forking to libreswan from openswan. + +--- + src/nm-openswan-service-helper.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c +index 35cd9d9..07bc576 100644 +--- a/src/nm-openswan-service-helper.c ++++ b/src/nm-openswan-service-helper.c +@@ -210,6 +210,7 @@ main (int argc, char *argv[]) + //long int mtu = 1412; + char nmask[16]="255.255.255.255"; + ++ + #if !GLIB_CHECK_VERSION (2, 35, 0) + g_type_init (); + #endif +@@ -217,7 +218,7 @@ main (int argc, char *argv[]) + /* openswan gives us a "reason" code. If we are given one, + * don't proceed unless its "connect". + */ +- tmp = getenv ("openswan_reason"); ++ tmp = getenv ("libreswan_reason"); + if (tmp && strcmp (tmp, "connect") != 0) + exit (0); + +@@ -287,7 +288,7 @@ main (int argc, char *argv[]) + //#endif + + /* DNS */ +- val = addr_list_to_gvalue (getenv ("PLUTO_CISCO_DNS_INFO")); ++ val = addr_list_to_gvalue (getenv ("PLUTO_PEER_DNS_INFO")); + if (val) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DNS, val); + +@@ -299,7 +300,7 @@ main (int argc, char *argv[]) + #endif + + /* Default domain */ +- val = str_to_gvalue (getenv ("PLUTO_CISCO_DOMAIN_INFO"), TRUE); ++ val = str_to_gvalue (getenv ("PLUTO_PEER_DOMAIN_INFO"), TRUE); + if (val) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DOMAIN, val); + +-- +1.8.3.1 + diff --git a/0009-Fixed-an-issue-where-writing-configuration-on-stdin-.patch b/0009-Fixed-an-issue-where-writing-configuration-on-stdin-.patch new file mode 100644 index 0000000..a3cd52c --- /dev/null +++ b/0009-Fixed-an-issue-where-writing-configuration-on-stdin-.patch @@ -0,0 +1,28 @@ +From 85774a1cd6f94e1d23ad0403bc912d4671503434 Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 14:05:06 -0500 +Subject: [PATCH 09/20] Fixed an issue where writing configuration on stdin + should not end with \n as it gives error. It used to work previously, but not + with latest NetworkManager versions. + +--- + src/nm-openswan-service.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c +index ec0553c..f9bea3d 100644 +--- a/src/nm-openswan-service.c ++++ b/src/nm-openswan-service.c +@@ -577,7 +577,8 @@ nm_openswan_config_write (gint openswan_fd, NMSettingVPN *s_vpn, + + write_config_option (fdtmp1, " nm_configured=yes\n"); + //write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH); +- write_config_option (fdtmp1, " auto=add\n"); ++ //write_config_option (fdtmp1, " auto=add\n"); ++ write_config_option (fdtmp1, " auto=add"); + //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_VPN_SETTING_NAME)); + //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_NAME)); + } +-- +1.8.3.1 + diff --git a/0010-Fixed-more-coverity-scan-issues.patch b/0010-Fixed-more-coverity-scan-issues.patch new file mode 100644 index 0000000..ecc7413 --- /dev/null +++ b/0010-Fixed-more-coverity-scan-issues.patch @@ -0,0 +1,175 @@ +From 0cae80518c6329f1575bf46b615123a5e034515a Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 14:33:38 -0500 +Subject: [PATCH 10/20] Fixed more coverity scan issues. + +--- + src/Makefile.am | 3 --- + src/nm-openswan-service-helper.c | 21 ------------------- + src/nm-openswan-service.c | 44 ---------------------------------------- + 3 files changed, 68 deletions(-) + +diff --git a/src/Makefile.am b/src/Makefile.am +index 12ce851..4f3e316 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -21,17 +21,14 @@ nm_openswan_service_SOURCES = \ + nm-openswan-service.c \ + nm-openswan-service.h + +- + nm_openswan_service_LDADD = \ + $(DBUS_LIBS) \ + $(GTHREAD_LIBS) \ + $(NM_LIBS) + +- + nm_openswan_service_helper_SOURCES = \ + nm-openswan-service-helper.c + +- + nm_openswan_service_helper_LDADD = \ + $(DBUS_LIBS) \ + $(GTHREAD_LIBS) \ +diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c +index 07bc576..e148b26 100644 +--- a/src/nm-openswan-service-helper.c ++++ b/src/nm-openswan-service-helper.c +@@ -207,7 +207,6 @@ main (int argc, char *argv[]) + GValue *val; + GError *err = NULL; + struct in_addr temp_addr; +- //long int mtu = 1412; + char nmask[16]="255.255.255.255"; + + +@@ -292,12 +291,6 @@ main (int argc, char *argv[]) + if (val) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DNS, val); + +-#if 0 +- /* WINS servers */ +- val = addr_list_to_gvalue (getenv ("INTERNAL_IP4_NBNS")); +- if (val) +- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_NBNS, val); +-#endif + + /* Default domain */ + val = str_to_gvalue (getenv ("PLUTO_PEER_DOMAIN_INFO"), TRUE); +@@ -309,20 +302,6 @@ main (int argc, char *argv[]) + if (val) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_BANNER, val); + +-#if 0 +- /* MTU */ +- tmp = getenv ("INTERNAL_IP4_MTU"); +- if (tmp && strlen (tmp)) { +- errno = 0; +- mtu = strtol (tmp, NULL, 10); +- if (errno || mtu < 0 || mtu > 20000) { +- g_warning ("Ignoring invalid tunnel MTU '%s'", tmp); +- mtu = 1412; +- } +- } +- val = uint_to_gvalue ((guint32) mtu); +- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_MTU, val); +-#endif + + /* Send the config info to nm-openswan-service */ + send_ip4_config (connection, config); +diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c +index f9bea3d..64792a6 100644 +--- a/src/nm-openswan-service.c ++++ b/src/nm-openswan-service.c +@@ -308,11 +308,7 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) + g_ptr_array_add (openswan_argv, (gpointer) "--add"); + g_ptr_array_add (openswan_argv, (gpointer) "--config"); + g_ptr_array_add (openswan_argv, (gpointer) "-"); +- //g_ptr_array_add (openswan_argv, (gpointer) "--up"); +- //g_ptr_array_add (openswan_argv, (gpointer) "--name"); + g_ptr_array_add (openswan_argv, (gpointer) "nm-conn1"); +- //g_ptr_array_add (openswan_argv, (gpointer) "--xauthpass"); +- //g_ptr_array_add (openswan_argv, (gpointer) nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); + g_ptr_array_add (openswan_argv, NULL); + + if (!g_spawn_async_with_pipes (NULL, (char **) openswan_argv->pdata, NULL, +@@ -524,17 +520,11 @@ nm_openswan_config_write (gint openswan_fd, NMSettingVPN *s_vpn, + { + WriteConfigInfo *info; + const char *props_username; +- //const char *props_natt_mode; + const char *default_username; + const char *phase1_alg_str; + const char *phase2_alg_str; +- //const char *pw_type; + gint fdtmp1=-1; +- //gint conf_fd=-1; +- //gint secret_fd=-1; + +- //conf_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.conf", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); +- //secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); + + fdtmp1 = openswan_fd; + if(fdtmp1 != -1) { +@@ -576,49 +566,17 @@ nm_openswan_config_write (gint openswan_fd, NMSettingVPN *s_vpn, + } + + write_config_option (fdtmp1, " nm_configured=yes\n"); +- //write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH); +- //write_config_option (fdtmp1, " auto=add\n"); + write_config_option (fdtmp1, " auto=add"); +- //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_VPN_SETTING_NAME)); +- //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_NAME)); + } + +- //default_username = nm_setting_vpn_get_user_name (s_vpn); +- +- /* Fill username if it's not present */ +- /*props_username = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_LEFTXAUTHUSER); +- if ( default_username +- && strlen (default_username) +- && (!props_username || !strlen (props_username))) { +- write_config_option (openswan_fd, +- NM_OPENSWAN_LEFTXAUTHUSER " %s\n", +- default_username); +- }*/ +- + info = g_malloc0 (sizeof (WriteConfigInfo)); +- //info->fd = openswan_fd; +- //info->conf_fd = conf_fd; + info->conf_fd = openswan_fd; +- //info->secret_fd = secret_fd; + info->s_vpn = s_vpn; + +- /* Check for ignored user password */ +- /*pw_type = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES); +- if (pw_type && !strcmp (pw_type, NM_OPENSWAN_PW_TYPE_UNUSED)) +- info->upw_ignored = TRUE;*/ +- +- /* Check for ignored group password */ +- /*pw_type = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_PSK_INPUT_MODES); +- if (pw_type && !strcmp (pw_type, NM_OPENSWAN_PW_TYPE_UNUSED)) +- info->gpw_ignored = TRUE;*/ +- + nm_setting_vpn_foreach_data_item (s_vpn, write_one_property, info); +- //nm_setting_vpn_foreach_secret (s_vpn, write_one_property, info); + *error = info->error; +- //close(conf_fd); + close(openswan_fd); + sleep(3); +- //close(secret_fd); + g_free (info); + + return *error ? FALSE : TRUE; +@@ -807,8 +765,6 @@ real_disconnect (NMVPNPlugin *plugin, + } + g_ptr_array_free (openswan_argv, TRUE); + +- //unlink("/etc/ipsec.d/ipsec-nm-conn1.conf"); +- //unlink("/etc/ipsec.d/ipsec-nm-conn1.secrets"); + + return TRUE; + } +-- +1.8.3.1 + diff --git a/0011-Fixed-the-current-code-as-it-does-not-set-the-defaul.patch b/0011-Fixed-the-current-code-as-it-does-not-set-the-defaul.patch new file mode 100644 index 0000000..03afc9f --- /dev/null +++ b/0011-Fixed-the-current-code-as-it-does-not-set-the-defaul.patch @@ -0,0 +1,55 @@ +From 9a5e803eac0f3bd30517a4e615271f0f1d97ca02 Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 14:37:22 -0500 +Subject: [PATCH 11/20] Fixed the current code as it does not set the default + route field NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT when sending VPN + information to nm-openswan plugin. This fix sets the field to TRUE. + +--- + src/nm-openswan-service-helper.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c +index e148b26..59d79f9 100644 +--- a/src/nm-openswan-service-helper.c ++++ b/src/nm-openswan-service-helper.c +@@ -121,6 +121,17 @@ str_to_gvalue (const char *str, gboolean try_convert) + } + + static GValue * ++bool_to_gvalue (gboolean b) ++{ ++ GValue *val; ++ ++ val = g_slice_new0 (GValue); ++ g_value_init (val, G_TYPE_BOOLEAN); ++ g_value_set_boolean (val, b); ++ return val; ++} ++ ++static GValue * + uint_to_gvalue (guint32 num) + { + GValue *val; +@@ -252,6 +263,7 @@ main (int argc, char *argv[]) + /* Tunnel device */ + //val = str_to_gvalue (getenv ("TUNDEV"), FALSE); + //val = str_to_gvalue ("tun0", FALSE); ++ val = str_to_gvalue ("lo", FALSE); + if (val) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val); + else +@@ -302,6 +314,10 @@ main (int argc, char *argv[]) + if (val) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_BANNER, val); + ++ /* Routes */ ++ /* No default route*/ ++ g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT, ++ bool_to_gvalue (TRUE)); + + /* Send the config info to nm-openswan-service */ + send_ip4_config (connection, config); +-- +1.8.3.1 + diff --git a/0012-Fixed-netmask-issue-when-sending-IP-information-to-t.patch b/0012-Fixed-netmask-issue-when-sending-IP-information-to-t.patch new file mode 100644 index 0000000..468fa96 --- /dev/null +++ b/0012-Fixed-netmask-issue-when-sending-IP-information-to-t.patch @@ -0,0 +1,36 @@ +From 7917ed515f29f54847e3bf57b6b61e7097ed78e7 Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 14:38:08 -0500 +Subject: [PATCH 12/20] Fixed netmask issue when sending IP information to the + nm openswan plugin service. + +--- + src/nm-openswan-service-helper.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c +index 59d79f9..d521645 100644 +--- a/src/nm-openswan-service-helper.c ++++ b/src/nm-openswan-service-helper.c +@@ -283,9 +283,8 @@ main (int argc, char *argv[]) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PTP, val); + else + helper_failed (connection, "IP4 PTP Address"); +-//#if 0 ++ + /* Netmask */ +- //tmp = getenv ("INTERNAL_IP4_NETMASK"); + tmp = nmask; + if (tmp && inet_pton (AF_INET, tmp, &temp_addr) > 0) { + GValue *value; +@@ -296,7 +295,6 @@ main (int argc, char *argv[]) + + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, value); + } +-//#endif + + /* DNS */ + val = addr_list_to_gvalue (getenv ("PLUTO_PEER_DNS_INFO")); +-- +1.8.3.1 + diff --git a/0013-Fixed-more-libreswan-related-changes.patch b/0013-Fixed-more-libreswan-related-changes.patch new file mode 100644 index 0000000..a1ebd87 --- /dev/null +++ b/0013-Fixed-more-libreswan-related-changes.patch @@ -0,0 +1,68 @@ +From 2581ac2914b666b427a90ea400e757ef41030bdd Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 14:45:06 -0500 +Subject: [PATCH 13/20] Fixed more libreswan related changes. + +--- + src/nm-openswan-service-helper.c | 7 +++---- + src/nm-openswan-service.c | 8 ++++---- + 2 files changed, 7 insertions(+), 8 deletions(-) + +diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c +index d521645..cde7443 100644 +--- a/src/nm-openswan-service-helper.c ++++ b/src/nm-openswan-service-helper.c +@@ -204,8 +204,8 @@ addr_list_to_gvalue (const char *str) + * + * PLUTO_PEER -- vpn gateway address + * PLUTO_MY_SOURCEIP -- address +- * PLUTO_CISCO_DNS_INFO -- list of dns serverss +- * PLUTO_CISCO_DOMAIN_INFO -- default domain name ++ * PLUTO_PEER_DNS_INFO -- list of dns serverss ++ * PLUTO_PEER_DOMAIN_INFO -- default domain name + * PLUTO_PEER_BANNER -- banner from server + * + */ +@@ -247,8 +247,7 @@ main (int argc, char *argv[]) + if (val) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_GATEWAY, val); + else +- helper_failed (connection, "Openswan Pluto Right Peer (VPN Gateway)"); +- ++ helper_failed (connection, "IPsec/Pluto Right Peer (VPN Gateway)"); + + /* + * Tunnel device +diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c +index 64792a6..d59c58f 100644 +--- a/src/nm-openswan-service.c ++++ b/src/nm-openswan-service.c +@@ -860,15 +860,15 @@ main (int argc, char *argv[]) + g_option_context_parse (opt_ctx, &argc, &argv, NULL); + g_option_context_free (opt_ctx); + +- if (getenv ("OPENSWAN_DEBUG")) ++ if (getenv ("IPSEC_DEBUG")) + debug = TRUE; + + if (debug) +- g_message ("nm-openswan-service (version " DIST_VERSION ") starting..."); ++ g_printf ("nm-openswan-service (version " DIST_VERSION ") starting...\n"); + + plugin = nm_openswan_plugin_new (); + if (!plugin) +- exit (1); ++ exit (EXIT_FAILURE); + + loop = g_main_loop_new (NULL, FALSE); + +@@ -881,5 +881,5 @@ main (int argc, char *argv[]) + g_main_loop_unref (loop); + g_object_unref (plugin); + +- exit (0); ++ exit (EXIT_SUCCESS); + } +-- +1.8.3.1 + diff --git a/0014-Fixed-an-issue-where-nm-openswan-service-is-searchin.patch b/0014-Fixed-an-issue-where-nm-openswan-service-is-searchin.patch new file mode 100644 index 0000000..924e0fe --- /dev/null +++ b/0014-Fixed-an-issue-where-nm-openswan-service-is-searchin.patch @@ -0,0 +1,27 @@ +From fdd136923c77b71080f2ccb2c0fe0a5234e73c1c Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 14:47:14 -0500 +Subject: [PATCH 14/20] Fixed an issue where nm-openswan service is searching + for ipsec binary in both /sbin and /usr/sbin leading to same operation twice, + as /sbin is just symlink to /usr/sbin, so removed /sbin from the search + paths. + +--- + src/nm-openswan-service.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c +index d59c58f..7f1a9c9 100644 +--- a/src/nm-openswan-service.c ++++ b/src/nm-openswan-service.c +@@ -57,7 +57,6 @@ typedef struct { + static const char *openswan_binary_paths[] = + { + "/usr/sbin/ipsec", +- "/sbin/ipsec", + "/usr/local/sbin/ipsec", + NULL + }; +-- +1.8.3.1 + diff --git a/0015-Rewrite-pluto-watch-API-which-watches-the-pluto-proc.patch b/0015-Rewrite-pluto-watch-API-which-watches-the-pluto-proc.patch new file mode 100644 index 0000000..9d3df67 --- /dev/null +++ b/0015-Rewrite-pluto-watch-API-which-watches-the-pluto-proc.patch @@ -0,0 +1,131 @@ +From 24e2b36b20f2b6d42f715618e13c2919ad0fc51c Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 15:04:09 -0500 +Subject: [PATCH 15/20] Rewrite pluto watch API which watches the pluto process + for its status. Fixed memory leak issues as not all child processes were + reaped correctly. Also g_spwan_close_pid was not being called after children + were reaped. Also modified debugs and added more to help with debugging in + the future. + +--- + src/nm-openswan-service.c | 52 +++++++++++++++++++++++++++-------------------- + 1 file changed, 30 insertions(+), 22 deletions(-) + +diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c +index 7f1a9c9..b73ab1f 100644 +--- a/src/nm-openswan-service.c ++++ b/src/nm-openswan-service.c +@@ -207,30 +207,33 @@ nm_openswan_secrets_validate (NMSettingVPN *s_vpn, GError **error) + } + + static void +-openswan_watch_cb_auto (GPid pid, gint status, gpointer user_data) ++pluto_watch_cb (GPid pid, gint status, gpointer user_data) + { + NMOPENSWANPlugin *plugin = NM_OPENSWAN_PLUGIN (user_data); + NMOPENSWANPluginPrivate *priv = NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin); + guint error = 0; + ++ if(debug) ++ g_printf("pluto_watch: current child pid = %d, pluto pid=%d\n", pid, priv->pid); ++ + if (WIFEXITED (status)) { + error = WEXITSTATUS (status); + if (error != 0) +- g_warning ("openswan: ipsec auto exited with error code %d", error); ++ g_printf ("pluto_watch: pluto exited with error code %d\n", error); + } + else if (WIFSTOPPED (status)) +- g_warning ("openswan: ipsec auto stopped unexpectedly with signal %d", WSTOPSIG (status)); ++ g_printf ("pluto_watch: pluto stopped unexpectedly with signal %d\n", WSTOPSIG (status)); + else if (WIFSIGNALED (status)) +- g_warning ("openswan: ipsec auto died with signal %d", WTERMSIG (status)); ++ g_printf ("pluto_watch: pluto died with signal %d\n", WTERMSIG (status)); + else +- g_warning ("openswan: ipsec auto died from an unknown cause"); ++ g_printf ("pluto_watch: pluto died from an unknown cause\n"); + + /* Reap child if needed. */ +- //waitpid (priv->pid_auto, NULL, WNOHANG); +- //priv->pid_auto = 0; ++ waitpid (pid, NULL, WNOHANG); ++ ++ if(debug) ++ g_printf ("pluto_watch: reaped child pid =%d\n", pid); + +- waitpid (priv->pid, NULL, WNOHANG); +- priv->pid = 0; + + /* Must be after data->state is set since signals use data->state */ + switch (error) { +@@ -246,18 +249,29 @@ openswan_watch_cb_auto (GPid pid, gint status, gpointer user_data) + break; + } + +- nm_vpn_plugin_set_state (NM_VPN_PLUGIN (plugin), NM_VPN_SERVICE_STATE_STOPPED); ++ if(pid == priv->pid || error) { ++ priv->pid = 0; ++ ++ if(debug) ++ g_printf ("pluto_watch: nm pluto service is stopping\n"); ++ ++ nm_vpn_plugin_set_state (NM_VPN_PLUGIN (plugin), NM_VPN_SERVICE_STATE_STOPPED); ++ } ++ ++ if(debug) ++ g_printf ("pluto_watch: nm pluto service will continue after reaping a child\n"); ++ ++ /*closing pid*/ ++ g_spawn_close_pid(pid); + } + + + static gint +-//nm_openswan_start_openswan_binary (NMSettingVPN *s_vpn, NMOPENSWANPlugin *plugin, GError **error) + nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) + { + GPid pid, pid_auto; + const char **openswan_binary = NULL; + GPtrArray *openswan_argv; +- GSource *openswan_watch; + gint stdin_fd; + + /* Find openswan ipsec */ +@@ -293,11 +307,8 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) + + g_message ("openswan: ipsec started with pid %d", pid); + +- NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid = pid; +- openswan_watch = g_child_watch_source_new (pid); +- g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL); +- g_source_attach (openswan_watch, NULL); +- g_source_unref (openswan_watch); ++ NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid = pid; ++ g_child_watch_add(pid, (GChildWatchFunc) pluto_watch_cb, plugin); + + sleep(2); + +@@ -322,11 +333,7 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) + + g_message ("openswan: ipsec auto started with pid %d", pid_auto); + +- /*NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto; +- openswan_watch = g_child_watch_source_new (pid_auto); +- g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL); +- g_source_attach (openswan_watch, NULL); +- g_source_unref (openswan_watch);*/ ++ g_child_watch_add(pid_auto, (GChildWatchFunc) pluto_watch_cb, plugin); + + return stdin_fd; + } +@@ -376,6 +383,7 @@ nm_openswan_start_openswan_connection (NMOPENSWANPlugin *plugin, GError **error) + g_ptr_array_free (openswan_argv, TRUE); + + sleep(3); ++ g_child_watch_add(pid, (GChildWatchFunc) pluto_watch_cb, plugin); + + g_message ("openswan: ipsec auto connection started with pid %d", pid); + +-- +1.8.3.1 + diff --git a/0016-Fixed-defaults-values-for-more-parameters-to-help-th.patch b/0016-Fixed-defaults-values-for-more-parameters-to-help-th.patch new file mode 100644 index 0000000..f3bad15 --- /dev/null +++ b/0016-Fixed-defaults-values-for-more-parameters-to-help-th.patch @@ -0,0 +1,28 @@ +From dde144e924005c3048061b4d758019a1358ac505 Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 15:05:25 -0500 +Subject: [PATCH 16/20] Fixed defaults values for more parameters to help the + VPN connection stay more reliable. + +--- + src/nm-openswan-service.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c +index b73ab1f..b807bcc 100644 +--- a/src/nm-openswan-service.c ++++ b/src/nm-openswan-service.c +@@ -573,6 +573,10 @@ nm_openswan_config_write (gint openswan_fd, NMSettingVPN *s_vpn, + } + + write_config_option (fdtmp1, " nm_configured=yes\n"); ++ write_config_option (fdtmp1, " rekey=yes\n"); ++ write_config_option (fdtmp1, " salifetime=24h\n"); ++ write_config_option (fdtmp1, " ikelifetime=24h\n"); ++ write_config_option (fdtmp1, " keyingtries=1\n"); + write_config_option (fdtmp1, " auto=add"); + } + +-- +1.8.3.1 + diff --git a/0017-Fixed-initiation-of-pluto-daemon-by-this-plugin-to-r.patch b/0017-Fixed-initiation-of-pluto-daemon-by-this-plugin-to-r.patch new file mode 100644 index 0000000..2428ce9 --- /dev/null +++ b/0017-Fixed-initiation-of-pluto-daemon-by-this-plugin-to-r.patch @@ -0,0 +1,50 @@ +From 9dadb938c40e4d56fea6c6d55f3c9b90e776fb62 Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 15:21:54 -0500 +Subject: [PATCH 17/20] Fixed initiation of pluto daemon by this plugin to + reflect the changes in libreaswan. + +--- + src/nm-openswan-service.c | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c +index b807bcc..f205c1d 100644 +--- a/src/nm-openswan-service.c ++++ b/src/nm-openswan-service.c +@@ -49,7 +49,6 @@ G_DEFINE_TYPE (NMOPENSWANPlugin, nm_openswan_plugin, NM_TYPE_VPN_PLUGIN) + + typedef struct { + GPid pid; +- GPid pid_auto; + } NMOPENSWANPluginPrivate; + + #define NM_OPENSWAN_PLUGIN_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), NM_TYPE_OPENSWAN_PLUGIN, NMOPENSWANPluginPrivate)) +@@ -291,14 +290,20 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) + return -1; + } + +- openswan_argv = g_ptr_array_new (); +- g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary)); +- g_ptr_array_add (openswan_argv, (gpointer) "setup"); ++ /*openswan_argv = g_ptr_array_new (); + g_ptr_array_add (openswan_argv, (gpointer) "start"); + g_ptr_array_add (openswan_argv, NULL); + ++ g_ptr_array_free (openswan_argv, TRUE);*/ ++ openswan_argv = g_ptr_array_new (); ++ g_ptr_array_add (openswan_argv, (gpointer) "/usr/libexec/ipsec/pluto"); ++ g_ptr_array_add (openswan_argv, (gpointer) "--config"); ++ g_ptr_array_add (openswan_argv, (gpointer) "/etc/ipsec.conf"); ++ g_ptr_array_add (openswan_argv, (gpointer) "--nofork"); ++ g_ptr_array_add (openswan_argv, NULL); ++ + if (!g_spawn_async (NULL, (char **) openswan_argv->pdata, NULL, +- 0, NULL, NULL, &pid, error)) { ++ G_SPAWN_DO_NOT_REAP_CHILD, NULL, NULL, &pid, error)) { + g_ptr_array_free (openswan_argv, TRUE); + g_warning ("openswan ipsec failed to start. error: '%s'", (*error)->message); + return -1; +-- +1.8.3.1 + diff --git a/0018-Fixed-various-debug-messages.patch b/0018-Fixed-various-debug-messages.patch new file mode 100644 index 0000000..cedde11 --- /dev/null +++ b/0018-Fixed-various-debug-messages.patch @@ -0,0 +1,103 @@ +From 9ef10efa0905b22395987d99b26b8d5cbebd03ba Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 15:23:59 -0500 +Subject: [PATCH 18/20] Fixed various debug messages. + +--- + src/nm-openswan-service.c | 25 +++++++++++++------------ + 1 file changed, 13 insertions(+), 12 deletions(-) + +diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c +index f205c1d..fffd020 100644 +--- a/src/nm-openswan-service.c ++++ b/src/nm-openswan-service.c +@@ -305,12 +305,12 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) + if (!g_spawn_async (NULL, (char **) openswan_argv->pdata, NULL, + G_SPAWN_DO_NOT_REAP_CHILD, NULL, NULL, &pid, error)) { + g_ptr_array_free (openswan_argv, TRUE); +- g_warning ("openswan ipsec failed to start. error: '%s'", (*error)->message); ++ g_printf ("pluto failed to start. error: '%s'\n", (*error)->message); + return -1; + } + g_ptr_array_free (openswan_argv, TRUE); + +- g_message ("openswan: ipsec started with pid %d", pid); ++ g_printf ("ipsec/pluto started with pid %d\n", pid); + + NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid = pid; + g_child_watch_add(pid, (GChildWatchFunc) pluto_watch_cb, plugin); +@@ -331,20 +331,19 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) + NULL, NULL, error)) { + + g_ptr_array_free (openswan_argv, TRUE); +- g_warning ("openswan: ipsec auto failed to start. error: '%s'", (*error)->message); ++ g_printf ("ipsec auto add failed with error: '%s'\n", (*error)->message); + return -1; + } + g_ptr_array_free (openswan_argv, TRUE); + +- g_message ("openswan: ipsec auto started with pid %d", pid_auto); ++ if(debug) ++ g_printf ("pluto auto started with pid %d\n", pid_auto); + + g_child_watch_add(pid_auto, (GChildWatchFunc) pluto_watch_cb, plugin); + + return stdin_fd; + } + +- +- + static gint + nm_openswan_start_openswan_connection (NMOPENSWANPlugin *plugin, GError **error) + { +@@ -382,15 +381,17 @@ nm_openswan_start_openswan_connection (NMOPENSWANPlugin *plugin, GError **error) + NULL, NULL, error)) { + + g_ptr_array_free (openswan_argv, TRUE); +- g_warning ("openswan: ipsec auto connection failed to start. error: '%s'", (*error)->message); ++ g_printf ("ipsec/pluto auto connection failed to start. error: '%s'\n", (*error)->message); + return -1; + } + g_ptr_array_free (openswan_argv, TRUE); + +- sleep(3); ++ if(debug) ++ g_printf ("pluto up started with pid %d\n", pid); ++ + g_child_watch_add(pid, (GChildWatchFunc) pluto_watch_cb, plugin); + +- g_message ("openswan: ipsec auto connection started with pid %d", pid); ++ //sleep(3); + + return stdin_fd; + } +@@ -408,7 +409,7 @@ write_config_option (int fd, const char *format, ...) + g_print ("Config: %s", string); + + if ( write (fd, string, strlen (string)) == -1) { +- g_warning ("nm-openswan: error in write_config_option"); ++ g_printf ("nm-openswan: error in write_config_option\n"); + } + + g_free (string); +@@ -521,7 +522,7 @@ write_one_property (const char *key, const char *value, gpointer user_data) + /* ignored */ + } else { + /* Just ignore unknown properties */ +- g_warning ("Don't know how to write property '%s' with type %s", ++ g_printf ("Don't know how to write property '%s' with type %s\n", + (char *) key, g_type_name (type)); + } + } +@@ -676,7 +677,7 @@ real_connect (NMVPNPlugin *plugin, + if (openswan_fd < 0) + goto out; + +- write_config_option (openswan_fd, "%s", nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); ++ write_config_option (openswan_fd, "%s", nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); + close(openswan_fd); + openswan_fd=-1; + +-- +1.8.3.1 + diff --git a/0019-Fixed-the-termination-operation-of-pluto-daemon-to-c.patch b/0019-Fixed-the-termination-operation-of-pluto-daemon-to-c.patch new file mode 100644 index 0000000..127977a --- /dev/null +++ b/0019-Fixed-the-termination-operation-of-pluto-daemon-to-c.patch @@ -0,0 +1,44 @@ +From 27c17d7d805ad87632872cf2ded5237fc59159dd Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 15:25:35 -0500 +Subject: [PATCH 19/20] Fixed the termination operation of pluto daemon to + comply with libreswan changes. + +--- + src/nm-openswan-service.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c +index fffd020..af541bd 100644 +--- a/src/nm-openswan-service.c ++++ b/src/nm-openswan-service.c +@@ -769,20 +769,21 @@ real_disconnect (NMVPNPlugin *plugin, + } + + openswan_argv = g_ptr_array_new (); +- g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary)); +- g_ptr_array_add (openswan_argv, (gpointer) "setup"); +- g_ptr_array_add (openswan_argv, (gpointer) "stop"); ++ g_ptr_array_add (openswan_argv, (gpointer) "/usr/libexec/ipsec/whack"); ++ g_ptr_array_add (openswan_argv, (gpointer) "--shutdown"); ++ //g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary)); ++ //g_ptr_array_add (openswan_argv, (gpointer) "setup"); ++ //g_ptr_array_add (openswan_argv, (gpointer) "stop"); + g_ptr_array_add (openswan_argv, NULL); + + if (!g_spawn_async (NULL, (char **) openswan_argv->pdata, NULL, + 0, NULL, NULL, NULL, error)) { + g_ptr_array_free (openswan_argv, TRUE); +- g_warning ("Openswan (pluto) failed to stop. error: '%s'", (*error)->message); ++ g_printf ("ipsec (pluto) failed to stop. error: '%s'\n", (*error)->message); + return -1; + } + g_ptr_array_free (openswan_argv, TRUE); + +- + return TRUE; + } + +-- +1.8.3.1 + diff --git a/0020-Fixed-an-issue-where-proper-network-stack-is-not-loa.patch b/0020-Fixed-an-issue-where-proper-network-stack-is-not-loa.patch new file mode 100644 index 0000000..364b6f0 --- /dev/null +++ b/0020-Fixed-an-issue-where-proper-network-stack-is-not-loa.patch @@ -0,0 +1,39 @@ +From 7559f06152549e0c457d08c67f2d3088b37c6ccf Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 16:56:18 -0500 +Subject: [PATCH 20/20] Fixed an issue where proper network stack is not loaded + unless _stackmanager is run before starting pluto daemon service. + +--- + src/nm-openswan-service.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c +index af541bd..f6afee5 100644 +--- a/src/nm-openswan-service.c ++++ b/src/nm-openswan-service.c +@@ -290,11 +290,19 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) + return -1; + } + +- /*openswan_argv = g_ptr_array_new (); ++ openswan_argv = g_ptr_array_new (); ++ g_ptr_array_add (openswan_argv, (gpointer) "/usr/libexec/ipsec/_stackmanager"); + g_ptr_array_add (openswan_argv, (gpointer) "start"); + g_ptr_array_add (openswan_argv, NULL); + +- g_ptr_array_free (openswan_argv, TRUE);*/ ++ if (!g_spawn_sync (NULL, (char **) openswan_argv->pdata, NULL, ++ 0, NULL, NULL, NULL, NULL, NULL, error)) { ++ g_ptr_array_free (openswan_argv, TRUE); ++ g_printf ("pluto _stackmanager failed with error: '%s'\n", (*error)->message); ++ return -1; ++ } ++ g_ptr_array_free (openswan_argv, TRUE); ++ + openswan_argv = g_ptr_array_new (); + g_ptr_array_add (openswan_argv, (gpointer) "/usr/libexec/ipsec/pluto"); + g_ptr_array_add (openswan_argv, (gpointer) "--config"); +-- +1.8.3.1 + diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index 981cd60..fee2d02 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -1,19 +1,41 @@ -%define nm_version 1:0.9.2 +#%define nm_version 1:0.9.8 -%define realversion 0.9.8.0 +%define realversion 0.9.8.4 Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan -Version: 0.9.8.0 +Version: 0.9.8.4 Release: 1%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.9/ Source0: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.9/%{name}-%{realversion}.tar.xz BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) +Patch1: 0001-NM-openswan-was-missing-support-for-nm-openswan-auth.patch +Patch2: 0002-Fixed-gtk-label-max-width-issue-by-setting-it-to-35.patch +Patch3: 0003-Fixed-Networkmanager-and-related-lib-dependencies.patch +Patch4: 0004-Fixed-gnomekeyring-lib-dependencies.patch +Patch5: 0005-Fixed-dead-code-based-on-coverity-scan.patch +Patch6: 0006-Fix-prcoessing-of-nm-openswan-dialog.ui-file-and-add.patch +Patch7: 0007-openswan-libreswan-does-not-provide-tun0-interface-s.patch +Patch8: 0008-libreswan-related-fixes-as-some-macros-have-been-mod.patch +Patch9: 0009-Fixed-an-issue-where-writing-configuration-on-stdin-.patch +Patch10: 0010-Fixed-more-coverity-scan-issues.patch +Patch11: 0011-Fixed-the-current-code-as-it-does-not-set-the-defaul.patch +Patch12: 0012-Fixed-netmask-issue-when-sending-IP-information-to-t.patch +Patch13: 0013-Fixed-more-libreswan-related-changes.patch +Patch14: 0014-Fixed-an-issue-where-nm-openswan-service-is-searchin.patch +Patch15: 0015-Rewrite-pluto-watch-API-which-watches-the-pluto-proc.patch +Patch16: 0016-Fixed-defaults-values-for-more-parameters-to-help-th.patch +Patch17: 0017-Fixed-initiation-of-pluto-daemon-by-this-plugin-to-r.patch +Patch18: 0018-Fixed-various-debug-messages.patch +Patch19: 0019-Fixed-the-termination-operation-of-pluto-daemon-to-c.patch +Patch20: 0020-Fixed-an-issue-where-proper-network-stack-is-not-loa.patch BuildRequires: gtk3-devel BuildRequires: dbus-devel +BuildRequires: NetworkManager-devel +BuildRequires: NetworkManager-glib-devel BuildRequires: NetworkManager-devel >= %{nm_version} BuildRequires: NetworkManager-glib-devel >= %{nm_version} %if 0%{?fedora} > 16 || 0%{?rhel} >= 7 @@ -25,46 +47,143 @@ BuildRequires: intltool gettext Requires: NetworkManager >= %{nm_version} Requires: gnome-keyring +Requires: gtk3 +Requires: dbus +Requires: libreswan +Requires: shared-mime-info +#Requires: nm-connection-editor + +%global _privatelibs libnm-openswan-properties[.]so.* +%global __provides_exclude ^(%{_privatelibs})$ +%global __requires_exclude ^(%{_privatelibs})$ %description This package contains software for integrating the openswan VPN software with NetworkManager and the GNOME desktop +%package -n NetworkManager-openswan-gnome +Summary: NetworkManager VPN plugin for openswan - GNOME files +Group: System Environment/Base + +Requires: NetworkManager-openswan = %{version}-%{release} +Requires: nm-connection-editor + +%description -n NetworkManager-openswan-gnome +This package contains software for integrating VPN capabilities with +the openswan/libreswan server with NetworkManager (GNOME files). + %prep %setup -q -n NetworkManager-openswan-%{realversion} +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 +%patch16 -p1 +%patch17 -p1 +%patch18 -p1 +%patch19 -p1 +%patch20 -p1 %build +autoreconf %configure --disable-static --enable-more-warnings=yes make %{?_smp_mflags} %install - make install DESTDIR=$RPM_BUILD_ROOT - rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.la +rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.a +mv %{buildroot}%{_libexecdir}/nm-openswan-service-helper %{buildroot}%{_libexecdir}/nm-libreswan-service-helper %find_lang %{name} +%post +update-desktop-database &> /dev/null || : + +%postun +update-desktop-database &> /dev/null || : %clean rm -rf $RPM_BUILD_ROOT %files -f %{name}.lang %defattr(-, root, root,-) -%config /etc/NetworkManager/VPN/nm-openswan-service.name -%config /etc/dbus-1/system.d/nm-openswan-service.conf - %doc AUTHORS ChangeLog COPYING -%{_libdir}/NetworkManager/lib*.so* +#%{_libdir}/NetworkManager/lib*.so* %{_libexecdir}/nm-openswan-auth-dialog %{_sysconfdir}/dbus-1/system.d/nm-openswan-service.conf %{_sysconfdir}/NetworkManager/VPN/nm-openswan-service.name %{_libexecdir}/nm-openswan-service -%{_libexecdir}/nm-openswan-service-helper -%{_datadir}/gnome-vpn-properties/openswan/nm-openswan-dialog.ui +%{_libexecdir}/nm-libreswan-service-helper +%{_datadir}/applications/nm-openswan-auth-dialog.desktop +#%dir %{_datadir}/gnome-vpn-properties/openswan +#%{_datadir}/gnome-vpn-properties/openswan/nm-openswan-dialog.ui + +%files -n NetworkManager-openswan-gnome +%doc AUTHORS ChangeLog COPYING +%{_libdir}/NetworkManager/lib*.so* %dir %{_datadir}/gnome-vpn-properties/openswan +%{_datadir}/gnome-vpn-properties/openswan/nm-openswan-dialog.ui + %changelog +* Tue Dec 10 2013 Avesh Agarwal - 0.9.8.4-1 +- New upstream release 0.9.8.4 +- Fixed 926225 +- Fixed dependency to libreswan. +- Created a new sub package NetworkManager-openswan-gnome +- Various other spec file fixes. +- Additional code changes are as follows: +- Fixed an issue where proper network stack is not loaded unless + _stackmanager is run before starting pluto daemon service. +- Fixed the termination operation of pluto daemon to comply with + libreswan changes. +- Fixed various debug messages. +- Fixed initiation of pluto daemon by this plugin to reflect the + changes in libreaswan. +- Fixed defaults values for more parameters to help the VPN + connection stay more reliable. +- Rewrote pluto watch API which watches the pluto process for its status. + Fixed memory leak issues as not all child processes were reaped correctly. + Also g_spwan_close_pid was not being called after children were reaped. + Also modified debugs and added more to help with debugging in the future. +- Fixed an issue where nm-openswan service is searching for ipsec binary in + both /sbin and /usr/sbin leading to same operation twice, as /sbin is just + symlink to /usr/sbin, so removed /sbin from the search paths. +- Fixed some libreswan related macro changes. +- Fixed netmask issue when sending IP information to the nm openswan + plugin service. +- Fixed the current code as it does not set the default route field + NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT when sending VPN information + to nm-openswan plugin. This fix sets the field to TRUE. +- Fixed some issues found by coverity scan. +- Fixed an issue where writing configuration on stdin should not end with + \n as it gives error. It used to work previously, but not with latest + NetworkManager versions. +- libreswan related fixes, as some macros have been modified after forking + to libreswan from openswan. +- openswan/libreswan does not provide tun0 interface, so fixed the code + where it sends tun0 interface. +- Fix prcoessing of nm-openswan-dialog.ui file and added more error notifications. +- Fixed dead code based on coverity scan. +- Fixed gnomekeyring lib dependencies. +- Fixed Networkmanager and related lib dependencies. +- Fixed gtk label max width issue by setting it to 35. +- NM-openswan was missing support for nm-openswan-auth-dialog.desktop.in.in. + So added a new nm-openswan-auth-dialog.desktop.in.in, and modified related + Makefile and configure.ac files. + * Mon Aug 5 2013 Avesh Agarwal - 0.9.8.0-1 - Rebase to latest upstream version 0.9.8.0 - Fixed several issues with the packaging diff --git a/sources b/sources index 1e85c40..5ae9be8 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -70281754557a11eef344ecbc7f88b4ce NetworkManager-openswan-0.9.8.0.sha256sum -6a373868f85ac3b7c953f7fd6c76e637 NetworkManager-openswan-0.9.8.0.tar.xz +4aafa86d4203bb2b51c93165db165086 NetworkManager-openswan-0.9.8.4.sha256sum +6cb2b64bc79c4174856613d077667b66 NetworkManager-openswan-0.9.8.4.tar.xz