From 5449945fbc6f41d07dca3661c9bbdeb94bc3ca45 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 14 Jun 2010 04:50:07 +0000 Subject: [PATCH 01/37] Setup of module NetworkManager-openswan --- .cvsignore | 0 Makefile | 21 +++++++++++++++++++++ sources | 0 3 files changed, 21 insertions(+) create mode 100644 .cvsignore create mode 100644 Makefile create mode 100644 sources diff --git a/.cvsignore b/.cvsignore new file mode 100644 index 0000000..e69de29 diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..d8f1c06 --- /dev/null +++ b/Makefile @@ -0,0 +1,21 @@ +# Makefile for source rpm: NetworkManager-openswan +# $Id$ +NAME := NetworkManager-openswan +SPECFILE = $(firstword $(wildcard *.spec)) + +define find-makefile-common +for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done +endef + +MAKEFILE_COMMON := $(shell $(find-makefile-common)) + +ifeq ($(MAKEFILE_COMMON),) +# attept a checkout +define checkout-makefile-common +test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 +endef + +MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) +endif + +include $(MAKEFILE_COMMON) diff --git a/sources b/sources new file mode 100644 index 0000000..e69de29 From 84c8ce02908d9e290aab26f405d4ff27e69a022b Mon Sep 17 00:00:00 2001 From: avesh agarwal Date: Tue, 15 Jun 2010 15:29:43 +0000 Subject: [PATCH 02/37] - Initial build --- .cvsignore | 1 + NetworkManager-openswan.spec | 75 ++++++++++++++++++++++++++++++++++++ sources | 1 + 3 files changed, 77 insertions(+) create mode 100644 NetworkManager-openswan.spec diff --git a/.cvsignore b/.cvsignore index e69de29..09f016e 100644 --- a/.cvsignore +++ b/.cvsignore @@ -0,0 +1 @@ +NetworkManager-openswan-0.8.tar.gz diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec new file mode 100644 index 0000000..d19484c --- /dev/null +++ b/NetworkManager-openswan.spec @@ -0,0 +1,75 @@ +%define openswan_version 2.6.25-2 + +%define snapshot .20100411git +%define realversion 0.8 + +Summary: NetworkManager VPN plug-in for openswan +Name: NetworkManager-openswan +Version: 0.8.0 +Release: 1%{snapshot}%{?dist} +License: GPLv2+ +Group: System Environment/Base +URL: http://people.redhat.com/avagarwa/files/NetworkManager-openswan/ +# To get source, either download from the above url, or follow these commands +# Check out NetworkManager-openswan +# "cd" to specfic fedora release +# run "make test-srpm" +Source0: http://people.redhat.com/avagarwa/files/%{name}/%{name}-%{realversion}.tar.gz +BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) + +BuildRequires: gtk2-devel +#BuildRequires: dbus-devel +#BuildRequires: NetworkManager-devel +BuildRequires: NetworkManager-glib-devel +BuildRequires: GConf2-devel +BuildRequires: gnome-keyring-devel +BuildRequires: libglade2-devel +BuildRequires: intltool gettext + +Requires: NetworkManager +Requires: gnome-keyring +Requires: openswan >= %{openswan_version} + + +%description +This package contains software for integrating the openswan VPN software +with NetworkManager and the GNOME desktop + +%prep +%setup -q -n NetworkManager-openswan-%{realversion} + +%build +%configure --disable-static --enable-more-warnings=yes +make %{?_smp_mflags} + +%install + +make install DESTDIR=$RPM_BUILD_ROOT + +rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.la + +%find_lang %{name} + + +%clean +rm -rf $RPM_BUILD_ROOT + + +%files -f %{name}.lang +%defattr(-, root, root,-) +%config /etc/NetworkManager/VPN/nm-openswan-service.name +%config /etc/dbus-1/system.d/nm-openswan-service.conf + +%doc AUTHORS ChangeLog COPYING +%{_libdir}/NetworkManager/lib*.so* +%{_libexecdir}/nm-openswan-auth-dialog +%{_sysconfdir}/dbus-1/system.d/nm-openswan-service.conf +%{_sysconfdir}/NetworkManager/VPN/nm-openswan-service.name +%{_libexecdir}/nm-openswan-service +%{_libexecdir}/nm-openswan-service-helper +%{_datadir}/gnome-vpn-properties/openswan/nm-openswan-dialog.glade +%dir %{_datadir}/gnome-vpn-properties/openswan + +%changelog +* Tue Jun 15 2010 Avesh Agarwal - 0.8.0-1.20100411git +- Initial build diff --git a/sources b/sources index e69de29..bb77056 100644 --- a/sources +++ b/sources @@ -0,0 +1 @@ +8e44ef5492e5f5937dcb4a1a620d461b NetworkManager-openswan-0.8.tar.gz From 93da43e3117f9d1431036a170e6e53e124938646 Mon Sep 17 00:00:00 2001 From: avesh agarwal Date: Thu, 8 Jul 2010 16:41:03 +0000 Subject: [PATCH 03/37] - Modified to initiate VPN connections with openswan whack interface - Fixed the issue of world readable conf and secret files - Cleaned conf and secret files after VPN connection is stopped - Fixed the issue of storing sensitive information like user password in a file (rhbz# 607352) - Changed PLUTO_SERVERBANNER to PLUTO_PEER_BANNER due to the same change in Openswan - Modifed GUI to remove unused configuration boxes --- NetworkManager-openswan.spec | 19 +- nm-secret-whack.patch | 408 +++++++++++++++++++++++++++++++++++ 2 files changed, 425 insertions(+), 2 deletions(-) create mode 100644 nm-secret-whack.patch diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index d19484c..c312e34 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -6,7 +6,7 @@ Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan Version: 0.8.0 -Release: 1%{snapshot}%{?dist} +Release: 2%{snapshot}%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://people.redhat.com/avagarwa/files/NetworkManager-openswan/ @@ -17,6 +17,9 @@ URL: http://people.redhat.com/avagarwa/files/NetworkManager-openswan/ Source0: http://people.redhat.com/avagarwa/files/%{name}/%{name}-%{realversion}.tar.gz BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) + +Patch1: nm-secret-whack.patch + BuildRequires: gtk2-devel #BuildRequires: dbus-devel #BuildRequires: NetworkManager-devel @@ -38,6 +41,8 @@ with NetworkManager and the GNOME desktop %prep %setup -q -n NetworkManager-openswan-%{realversion} +%patch1 -p1 + %build %configure --disable-static --enable-more-warnings=yes make %{?_smp_mflags} @@ -71,5 +76,15 @@ rm -rf $RPM_BUILD_ROOT %dir %{_datadir}/gnome-vpn-properties/openswan %changelog -* Tue Jun 15 2010 Avesh Agarwal - 0.8.0-1.20100411git +* Thu Jul 8 2010 Avesh Agarwal - 0.8.0-2.20100411git +- Modified to initiate VPN connections with openswan whack interface +- Fixed the issue of world readable conf and secret files +- Cleaned conf and secret files after VPN connection is stopped +- Fixed the issue of storing sensitive information like user + password in a file (rhbz# 607352) +- Changed PLUTO_SERVERBANNER to PLUTO_PEER_BANNER due + to the same change in Openswan +- Modifed GUI to remove unused configuration boxes + +* Tue Jun 15 2010 Avesh Agarwal - 0.8.0-1.20100411git - Initial build diff --git a/nm-secret-whack.patch b/nm-secret-whack.patch new file mode 100644 index 0000000..8bcea5e --- /dev/null +++ b/nm-secret-whack.patch @@ -0,0 +1,408 @@ +diff -urNp NetworkManager-openswan-0.8-orig/properties/nm-openswan.c NetworkManager-openswan-0.8/properties/nm-openswan.c +--- NetworkManager-openswan-0.8-orig/properties/nm-openswan.c 2010-06-04 17:50:13.000000000 -0400 ++++ NetworkManager-openswan-0.8/properties/nm-openswan.c 2010-07-08 12:15:43.376302841 -0400 +@@ -426,7 +426,7 @@ init_plugin_ui (OpenswanPluginUiWidget * + } + g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); + +- widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton"); ++ /*widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton"); + g_return_val_if_fail (widget != NULL, FALSE); + if (s_vpn) { + value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT); +@@ -442,7 +442,7 @@ init_plugin_ui (OpenswanPluginUiWidget * + gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); + } + } +- g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self); ++ g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self);*/ + + widget = glade_xml_get_widget (priv->xml, "show_passwords_checkbutton"); + g_return_val_if_fail (widget != NULL, FALSE); +@@ -530,20 +530,20 @@ update_connection (NMVpnPluginUiWidgetIn + if (str && strlen (str)) + nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DOMAIN, str); + +- widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton"); +- if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) { +- nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, "0"); +- } else { ++ //widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton"); ++ //if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) { ++ // nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, "0"); ++ //} else { + /* If DPD was disabled and now the user wishes to enable it, just + * don't pass the DPD_IDLE_TIMEOUT option to openswan and thus use the + * default DPD idle time. Otherwise keep the original DPD idle timeout. + */ +- if (priv->orig_dpd_timeout >= 10) { +- char *tmp = g_strdup_printf ("%d", priv->orig_dpd_timeout); +- nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, tmp); +- g_free (tmp); +- } +- } ++ // if (priv->orig_dpd_timeout >= 10) { ++ // char *tmp = g_strdup_printf ("%d", priv->orig_dpd_timeout); ++ // nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, tmp); ++ // g_free (tmp); ++ // } ++ //} + + upw_type = handle_one_pw_type (s_vpn, priv->xml, "user_pass_type_combo", NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES); + gpw_type = handle_one_pw_type (s_vpn, priv->xml, "group_pass_type_combo", NM_OPENSWAN_PSK_INPUT_MODES); +diff -urNp NetworkManager-openswan-0.8-orig/properties/nm-openswan-dialog.glade NetworkManager-openswan-0.8/properties/nm-openswan-dialog.glade +--- NetworkManager-openswan-0.8-orig/properties/nm-openswan-dialog.glade 2010-06-04 17:50:13.000000000 -0400 ++++ NetworkManager-openswan-0.8/properties/nm-openswan-dialog.glade 2010-07-08 12:20:07.277052416 -0400 +@@ -1,7 +1,7 @@ +- +- +- ++ + ++ ++ + + window1 + +@@ -23,6 +23,7 @@ + + False + False ++ 0 + + + +@@ -37,18 +38,6 @@ + 6 + 6 + +- +- +- +- +- +- +- +- +- +- +- +- + + True + +@@ -74,10 +63,10 @@ + + + ++ Show passwords + True + True +- Show passwords +- 0 ++ False + True + + +@@ -197,6 +186,18 @@ + + + ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +@@ -207,6 +208,7 @@ + + + False ++ 0 + + + +@@ -223,6 +225,7 @@ + + False + False ++ 0 + + + +@@ -237,47 +240,6 @@ + 6 + 6 + +- +- +- +- +- True +- True +- Disable Dead Peer Detection +- 0 +- True +- +- +- 1 +- 2 +- 4 +- 5 +- +- +- +- +- True +- +- +- +- 1 +- 2 +- 2 +- 3 +- +- +- +- +- True +- 0 +- Encryption method: +- +- +- 2 +- 3 +- +- +- + + True + 0 +@@ -326,27 +288,22 @@ + + + +- +- True +- 0 +- NAT traversal: +- +- +- 3 +- 4 +- ++ + + +- +- True +- +- +- +- 1 +- 2 +- 3 +- 4 +- ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkManager-openswan-0.8/src/nm-openswan-service.c +--- NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c 2010-06-04 17:50:13.000000000 -0400 ++++ NetworkManager-openswan-0.8/src/nm-openswan-service.c 2010-07-08 11:39:24.904302790 -0400 +@@ -202,14 +202,14 @@ openswan_watch_cb_auto (GPid pid, gint s + if (WIFEXITED (status)) { + error = WEXITSTATUS (status); + if (error != 0) +- nm_warning ("openswan: ipsec auto exited with error code %d", error); ++ nm_warning ("openswan: ipsec whack exited with error code %d", error); + } + else if (WIFSTOPPED (status)) +- nm_warning ("openswan: ipsec auto stopped unexpectedly with signal %d", WSTOPSIG (status)); ++ nm_warning ("openswan: ipsec whack stopped unexpectedly with signal %d", WSTOPSIG (status)); + else if (WIFSIGNALED (status)) +- nm_warning ("openswan: ipsec auto died with signal %d", WTERMSIG (status)); ++ nm_warning ("openswan: ipsec whack died with signal %d", WTERMSIG (status)); + else +- nm_warning ("openswan: ipsec auto died from an unknown cause"); ++ nm_warning ("openswan: ipsec whack died from an unknown cause"); + + /* Reap child if needed. */ + waitpid (priv->pid_auto, NULL, WNOHANG); +@@ -218,7 +218,7 @@ openswan_watch_cb_auto (GPid pid, gint s + + + static gint +-nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) ++nm_openswan_start_openswan_binary (NMSettingVPN *s_vpn, NMOPENSWANPlugin *plugin, GError **error) + { + GPid pid, pid_auto; + const char **openswan_binary = NULL; +@@ -259,12 +259,14 @@ nm_openswan_start_openswan_binary (NMOPE + + sleep(2); + +- /*ipsec auto --up */ + openswan_argv = g_ptr_array_new (); + g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary)); +- g_ptr_array_add (openswan_argv, (gpointer) "auto"); +- g_ptr_array_add (openswan_argv, (gpointer) "--up"); ++ g_ptr_array_add (openswan_argv, (gpointer) "whack"); ++ g_ptr_array_add (openswan_argv, (gpointer) "--initiate"); ++ g_ptr_array_add (openswan_argv, (gpointer) "--name"); + g_ptr_array_add (openswan_argv, (gpointer) "nm-conn1"); ++ g_ptr_array_add (openswan_argv, (gpointer) "--xauthpass"); ++ g_ptr_array_add (openswan_argv, (gpointer) nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); + g_ptr_array_add (openswan_argv, NULL); + + if (!g_spawn_async_with_pipes (NULL, (char **) openswan_argv->pdata, NULL, +@@ -272,18 +274,18 @@ nm_openswan_start_openswan_binary (NMOPE + NULL, NULL, error)) { + + g_ptr_array_free (openswan_argv, TRUE); +- nm_warning ("openswan: ipsec auto failed to start. error: '%s'", (*error)->message); ++ nm_warning ("openswan: ipsec whack failed to start. error: '%s'", (*error)->message); + return -1; + } + g_ptr_array_free (openswan_argv, TRUE); + +- nm_info ("openswan: ipsec auto started with pid %d", pid_auto); ++ nm_info ("openswan: ipsec whack started with pid %d", pid_auto); + +- NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto; +- openswan_watch = g_child_watch_source_new (pid_auto); +- g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL); +- g_source_attach (openswan_watch, NULL); +- g_source_unref (openswan_watch); ++ NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto; ++ openswan_watch = g_child_watch_source_new (pid_auto); ++ g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL); ++ g_source_attach (openswan_watch, NULL); ++ g_source_unref (openswan_watch); + + return stdin_fd; + } +@@ -318,8 +320,8 @@ write_one_property (const char *key, con + WriteConfigInfo *info = (WriteConfigInfo *) user_data; + GType type = G_TYPE_INVALID; + int i; +- const char *default_username; +- const char *props_username; ++ //const char *default_username; ++ //const char *props_username; + const char *leftid; + + if (info->error) +@@ -365,19 +367,19 @@ write_one_property (const char *key, con + //write_config_option (info->fd, "%s %s\n", (char *) key, (char *) value); + + if (!strcmp (key, NM_OPENSWAN_PSK_VALUE)) { +- leftid=nm_setting_vpn_get_data_item (info->s_vpn, NM_OPENSWAN_LEFTID); ++ leftid=nm_setting_vpn_get_data_item (info->s_vpn, NM_OPENSWAN_LEFTID); + write_config_option (info->secret_fd, "@%s: PSK \"%s\"\n", leftid, (char *) value); + } + + if (!strcmp (key, NM_OPENSWAN_XAUTH_PASSWORD)) { +- default_username = nm_setting_vpn_get_user_name (info->s_vpn); ++ /*default_username = nm_setting_vpn_get_user_name (info->s_vpn); + props_username = nm_setting_vpn_get_data_item (info->s_vpn, NM_OPENSWAN_LEFTXAUTHUSER); + if ( default_username && strlen (default_username) + && (!props_username || !strlen (props_username))) { + write_config_option (info->secret_fd, "@%s : XAUTH \"%s\"\n",default_username, (char *) value); + } else { + write_config_option (info->secret_fd, "@%s : XAUTH \"%s\"\n", props_username, (char *) value); +- } ++ }*/ + } + + } else if (type == G_TYPE_BOOLEAN) { +@@ -426,8 +428,8 @@ nm_openswan_config_write (NMSettingVPN * + gint conf_fd=-1; + gint secret_fd=-1; + +- conf_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.conf", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); +- secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); ++ conf_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.conf", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); ++ secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); + + fdtmp1 = conf_fd; + if(fdtmp1 != -1) { +@@ -454,8 +456,10 @@ nm_openswan_config_write (NMSettingVPN * + write_config_option (fdtmp1, " ike=aes-sha1\n"); + write_config_option (fdtmp1, " esp=aes-sha1;modp1024\n"); + write_config_option (fdtmp1, " nm_configured=yes\n"); +- //write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH); ++ //write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH); + write_config_option (fdtmp1, " auto=add\n"); ++ //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_VPN_SETTING_NAME)); ++ //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_NAME)); + } + + //default_username = nm_setting_vpn_get_user_name (s_vpn); +@@ -514,10 +518,10 @@ real_connect (NMVPNPlugin *plugin, + if (!nm_openswan_secrets_validate (s_vpn, error)) + goto out; + +- if (!nm_openswan_config_write (s_vpn, error)) +- goto out; ++ if (!nm_openswan_config_write (s_vpn, error)) ++ goto out; + +- openswan_fd = nm_openswan_start_openswan_binary (NM_OPENSWAN_PLUGIN (plugin), error); ++ openswan_fd = nm_openswan_start_openswan_binary (s_vpn, NM_OPENSWAN_PLUGIN (plugin), error); + if (openswan_fd < 0) + goto out; + +@@ -622,6 +626,9 @@ real_disconnect (NMVPNPlugin *plugin, + } + g_ptr_array_free (openswan_argv, TRUE); + ++ unlink("/etc/ipsec.d/ipsec-nm-conn1.conf"); ++ unlink("/etc/ipsec.d/ipsec-nm-conn1.secrets"); ++ + return TRUE; + } + +diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service-helper.c NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c +--- NetworkManager-openswan-0.8-orig/src/nm-openswan-service-helper.c 2010-06-04 17:50:13.000000000 -0400 ++++ NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c 2010-07-06 15:10:51.737035482 -0400 +@@ -195,7 +195,7 @@ addr_list_to_gvalue (const char *str) + * PLUTO_MY_SOURCEIP -- address + * PLUTO_CISCO_DNS_INFO -- list of dns serverss + * PLUTO_CISCO_DOMAIN_INFO -- default domain name +- * PLUTO_SERVERBANNER -- banner from server ++ * PLUTO_PEER_BANNER -- banner from server + * + */ + int +@@ -288,7 +288,7 @@ main (int argc, char *argv[]) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DOMAIN, val); + + /* Banner */ +- val = str_to_gvalue (getenv ("PLUTO_SERVERBANNER"), TRUE); ++ val = str_to_gvalue (getenv ("PLUTO_PEER_BANNER"), TRUE); + if (val) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_BANNER, val); + From f98504abadb63099b7f166dc9a551a8720686006 Mon Sep 17 00:00:00 2001 From: avesh agarwal Date: Thu, 8 Jul 2010 20:14:15 +0000 Subject: [PATCH 04/37] - Modified the patch so that it does not pass user password to "ipsec whack" command. --- NetworkManager-openswan.spec | 6 ++- nm-secret-whack.patch | 92 +++++++----------------------------- 2 files changed, 23 insertions(+), 75 deletions(-) diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index c312e34..2bd3b10 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -6,7 +6,7 @@ Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan Version: 0.8.0 -Release: 2%{snapshot}%{?dist} +Release: 3%{snapshot}%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://people.redhat.com/avagarwa/files/NetworkManager-openswan/ @@ -76,6 +76,10 @@ rm -rf $RPM_BUILD_ROOT %dir %{_datadir}/gnome-vpn-properties/openswan %changelog +* Thu Jul 8 2010 Avesh Agarwal - 0.8.0-3.20100411git +- Modified the patch so that it does not pass user password to + "ipsec whack" command. + * Thu Jul 8 2010 Avesh Agarwal - 0.8.0-2.20100411git - Modified to initiate VPN connections with openswan whack interface - Fixed the issue of world readable conf and secret files diff --git a/nm-secret-whack.patch b/nm-secret-whack.patch index 8bcea5e..d4ef8f4 100644 --- a/nm-secret-whack.patch +++ b/nm-secret-whack.patch @@ -231,65 +231,37 @@ diff -urNp NetworkManager-openswan-0.8-orig/properties/nm-openswan-dialog.glade diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkManager-openswan-0.8/src/nm-openswan-service.c --- NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c 2010-06-04 17:50:13.000000000 -0400 -+++ NetworkManager-openswan-0.8/src/nm-openswan-service.c 2010-07-08 11:39:24.904302790 -0400 -@@ -202,14 +202,14 @@ openswan_watch_cb_auto (GPid pid, gint s - if (WIFEXITED (status)) { - error = WEXITSTATUS (status); - if (error != 0) -- nm_warning ("openswan: ipsec auto exited with error code %d", error); -+ nm_warning ("openswan: ipsec whack exited with error code %d", error); - } - else if (WIFSTOPPED (status)) -- nm_warning ("openswan: ipsec auto stopped unexpectedly with signal %d", WSTOPSIG (status)); -+ nm_warning ("openswan: ipsec whack stopped unexpectedly with signal %d", WSTOPSIG (status)); - else if (WIFSIGNALED (status)) -- nm_warning ("openswan: ipsec auto died with signal %d", WTERMSIG (status)); -+ nm_warning ("openswan: ipsec whack died with signal %d", WTERMSIG (status)); - else -- nm_warning ("openswan: ipsec auto died from an unknown cause"); -+ nm_warning ("openswan: ipsec whack died from an unknown cause"); - - /* Reap child if needed. */ - waitpid (priv->pid_auto, NULL, WNOHANG); -@@ -218,7 +218,7 @@ openswan_watch_cb_auto (GPid pid, gint s ++++ NetworkManager-openswan-0.8/src/nm-openswan-service.c 2010-07-08 16:05:26.372305285 -0400 +@@ -218,6 +218,7 @@ openswan_watch_cb_auto (GPid pid, gint s static gint --nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) -+nm_openswan_start_openswan_binary (NMSettingVPN *s_vpn, NMOPENSWANPlugin *plugin, GError **error) ++//nm_openswan_start_openswan_binary (NMSettingVPN *s_vpn, NMOPENSWANPlugin *plugin, GError **error) + nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) { GPid pid, pid_auto; - const char **openswan_binary = NULL; -@@ -259,12 +259,14 @@ nm_openswan_start_openswan_binary (NMOPE +@@ -259,12 +260,14 @@ nm_openswan_start_openswan_binary (NMOPE sleep(2); - /*ipsec auto --up */ openswan_argv = g_ptr_array_new (); g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary)); -- g_ptr_array_add (openswan_argv, (gpointer) "auto"); -- g_ptr_array_add (openswan_argv, (gpointer) "--up"); -+ g_ptr_array_add (openswan_argv, (gpointer) "whack"); -+ g_ptr_array_add (openswan_argv, (gpointer) "--initiate"); -+ g_ptr_array_add (openswan_argv, (gpointer) "--name"); + g_ptr_array_add (openswan_argv, (gpointer) "auto"); + g_ptr_array_add (openswan_argv, (gpointer) "--up"); ++ //g_ptr_array_add (openswan_argv, (gpointer) "--name"); g_ptr_array_add (openswan_argv, (gpointer) "nm-conn1"); -+ g_ptr_array_add (openswan_argv, (gpointer) "--xauthpass"); -+ g_ptr_array_add (openswan_argv, (gpointer) nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); ++ //g_ptr_array_add (openswan_argv, (gpointer) "--xauthpass"); ++ //g_ptr_array_add (openswan_argv, (gpointer) nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); g_ptr_array_add (openswan_argv, NULL); if (!g_spawn_async_with_pipes (NULL, (char **) openswan_argv->pdata, NULL, -@@ -272,18 +274,18 @@ nm_openswan_start_openswan_binary (NMOPE - NULL, NULL, error)) { - - g_ptr_array_free (openswan_argv, TRUE); -- nm_warning ("openswan: ipsec auto failed to start. error: '%s'", (*error)->message); -+ nm_warning ("openswan: ipsec whack failed to start. error: '%s'", (*error)->message); - return -1; +@@ -277,13 +280,13 @@ nm_openswan_start_openswan_binary (NMOPE } g_ptr_array_free (openswan_argv, TRUE); - nm_info ("openswan: ipsec auto started with pid %d", pid_auto); -+ nm_info ("openswan: ipsec whack started with pid %d", pid_auto); ++ nm_info ("openswan: ipsec auto started with pid %d", pid_auto); - NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto; - openswan_watch = g_child_watch_source_new (pid_auto); @@ -304,18 +276,7 @@ diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkMan return stdin_fd; } -@@ -318,8 +320,8 @@ write_one_property (const char *key, con - WriteConfigInfo *info = (WriteConfigInfo *) user_data; - GType type = G_TYPE_INVALID; - int i; -- const char *default_username; -- const char *props_username; -+ //const char *default_username; -+ //const char *props_username; - const char *leftid; - - if (info->error) -@@ -365,19 +367,19 @@ write_one_property (const char *key, con +@@ -365,7 +368,7 @@ write_one_property (const char *key, con //write_config_option (info->fd, "%s %s\n", (char *) key, (char *) value); if (!strcmp (key, NM_OPENSWAN_PSK_VALUE)) { @@ -324,21 +285,7 @@ diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkMan write_config_option (info->secret_fd, "@%s: PSK \"%s\"\n", leftid, (char *) value); } - if (!strcmp (key, NM_OPENSWAN_XAUTH_PASSWORD)) { -- default_username = nm_setting_vpn_get_user_name (info->s_vpn); -+ /*default_username = nm_setting_vpn_get_user_name (info->s_vpn); - props_username = nm_setting_vpn_get_data_item (info->s_vpn, NM_OPENSWAN_LEFTXAUTHUSER); - if ( default_username && strlen (default_username) - && (!props_username || !strlen (props_username))) { - write_config_option (info->secret_fd, "@%s : XAUTH \"%s\"\n",default_username, (char *) value); - } else { - write_config_option (info->secret_fd, "@%s : XAUTH \"%s\"\n", props_username, (char *) value); -- } -+ }*/ - } - - } else if (type == G_TYPE_BOOLEAN) { -@@ -426,8 +428,8 @@ nm_openswan_config_write (NMSettingVPN * +@@ -426,8 +429,8 @@ nm_openswan_config_write (NMSettingVPN * gint conf_fd=-1; gint secret_fd=-1; @@ -349,7 +296,7 @@ diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkMan fdtmp1 = conf_fd; if(fdtmp1 != -1) { -@@ -454,8 +456,10 @@ nm_openswan_config_write (NMSettingVPN * +@@ -454,8 +457,10 @@ nm_openswan_config_write (NMSettingVPN * write_config_option (fdtmp1, " ike=aes-sha1\n"); write_config_option (fdtmp1, " esp=aes-sha1;modp1024\n"); write_config_option (fdtmp1, " nm_configured=yes\n"); @@ -361,7 +308,7 @@ diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkMan } //default_username = nm_setting_vpn_get_user_name (s_vpn); -@@ -514,10 +518,10 @@ real_connect (NMVPNPlugin *plugin, +@@ -514,8 +519,8 @@ real_connect (NMVPNPlugin *plugin, if (!nm_openswan_secrets_validate (s_vpn, error)) goto out; @@ -370,12 +317,9 @@ diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkMan + if (!nm_openswan_config_write (s_vpn, error)) + goto out; -- openswan_fd = nm_openswan_start_openswan_binary (NM_OPENSWAN_PLUGIN (plugin), error); -+ openswan_fd = nm_openswan_start_openswan_binary (s_vpn, NM_OPENSWAN_PLUGIN (plugin), error); + openswan_fd = nm_openswan_start_openswan_binary (NM_OPENSWAN_PLUGIN (plugin), error); if (openswan_fd < 0) - goto out; - -@@ -622,6 +626,9 @@ real_disconnect (NMVPNPlugin *plugin, +@@ -622,6 +627,9 @@ real_disconnect (NMVPNPlugin *plugin, } g_ptr_array_free (openswan_argv, TRUE); From f47d176e867b20d8c30156035d2e56945c8a20bb Mon Sep 17 00:00:00 2001 From: avesh agarwal Date: Tue, 13 Jul 2010 23:11:02 +0000 Subject: [PATCH 05/37] - Modified fix for the bz 607352 - Fix to read connection configuration from stdin - Fix to read Xauth user password from stdin - Fix to delete the secret file as soon as read by Openswan --- NetworkManager-openswan.spec | 10 +- nm-secret-whack.patch | 268 ++++++++++++++++++++++++++++++++--- 2 files changed, 256 insertions(+), 22 deletions(-) diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index 2bd3b10..a53dafb 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -1,4 +1,4 @@ -%define openswan_version 2.6.25-2 +%define openswan_version 2.6.27-1 %define snapshot .20100411git %define realversion 0.8 @@ -6,7 +6,7 @@ Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan Version: 0.8.0 -Release: 3%{snapshot}%{?dist} +Release: 4%{snapshot}%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://people.redhat.com/avagarwa/files/NetworkManager-openswan/ @@ -76,6 +76,12 @@ rm -rf $RPM_BUILD_ROOT %dir %{_datadir}/gnome-vpn-properties/openswan %changelog +* Tue Jul 13 2010 Avesh Agarwal - 0.8.0-4.20100411git +- Modified fix for the bz 607352 +- Fix to read connection configuration from stdin +- Fix to read Xauth user password from stdin +- Fix to delete the secret file as soon as read by Openswan + * Thu Jul 8 2010 Avesh Agarwal - 0.8.0-3.20100411git - Modified the patch so that it does not pass user password to "ipsec whack" command. diff --git a/nm-secret-whack.patch b/nm-secret-whack.patch index d4ef8f4..c6cecb7 100644 --- a/nm-secret-whack.patch +++ b/nm-secret-whack.patch @@ -231,8 +231,35 @@ diff -urNp NetworkManager-openswan-0.8-orig/properties/nm-openswan-dialog.glade diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkManager-openswan-0.8/src/nm-openswan-service.c --- NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c 2010-06-04 17:50:13.000000000 -0400 -+++ NetworkManager-openswan-0.8/src/nm-openswan-service.c 2010-07-08 16:05:26.372305285 -0400 -@@ -218,6 +218,7 @@ openswan_watch_cb_auto (GPid pid, gint s ++++ NetworkManager-openswan-0.8/src/nm-openswan-service.c 2010-07-13 18:19:05.137333584 -0400 +@@ -212,12 +212,32 @@ openswan_watch_cb_auto (GPid pid, gint s + nm_warning ("openswan: ipsec auto died from an unknown cause"); + + /* Reap child if needed. */ +- waitpid (priv->pid_auto, NULL, WNOHANG); +- priv->pid_auto = 0; ++ //waitpid (priv->pid_auto, NULL, WNOHANG); ++ //priv->pid_auto = 0; ++ ++ waitpid (priv->pid, NULL, WNOHANG); ++ priv->pid = 0; ++ ++ /* Must be after data->state is set since signals use data->state */ ++ switch (error) { ++ case 2: ++ /* Couldn't log in due to bad user/pass */ ++ nm_vpn_plugin_failure (NM_VPN_PLUGIN (plugin), NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED); ++ break; ++ case 1: ++ /* Other error (couldn't bind to address, etc) */ ++ nm_vpn_plugin_failure (NM_VPN_PLUGIN (plugin), NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED); ++ break; ++ default: ++ break; ++ } ++ ++ nm_vpn_plugin_set_state (NM_VPN_PLUGIN (plugin), NM_VPN_SERVICE_STATE_STOPPED); + } static gint @@ -240,15 +267,29 @@ diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkMan nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) { GPid pid, pid_auto; -@@ -259,12 +260,14 @@ nm_openswan_start_openswan_binary (NMOPE +@@ -257,14 +277,27 @@ nm_openswan_start_openswan_binary (NMOPE + } + g_ptr_array_free (openswan_argv, TRUE); ++ nm_info ("openswan: ipsec started with pid %d", pid); ++ ++ NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid = pid; ++ openswan_watch = g_child_watch_source_new (pid); ++ g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL); ++ g_source_attach (openswan_watch, NULL); ++ g_source_unref (openswan_watch); ++ sleep(2); - /*ipsec auto --up */ openswan_argv = g_ptr_array_new (); g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary)); g_ptr_array_add (openswan_argv, (gpointer) "auto"); - g_ptr_array_add (openswan_argv, (gpointer) "--up"); +- g_ptr_array_add (openswan_argv, (gpointer) "--up"); ++ g_ptr_array_add (openswan_argv, (gpointer) "--add"); ++ g_ptr_array_add (openswan_argv, (gpointer) "--config"); ++ g_ptr_array_add (openswan_argv, (gpointer) "-"); ++ //g_ptr_array_add (openswan_argv, (gpointer) "--up"); + //g_ptr_array_add (openswan_argv, (gpointer) "--name"); g_ptr_array_add (openswan_argv, (gpointer) "nm-conn1"); + //g_ptr_array_add (openswan_argv, (gpointer) "--xauthpass"); @@ -256,7 +297,7 @@ diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkMan g_ptr_array_add (openswan_argv, NULL); if (!g_spawn_async_with_pipes (NULL, (char **) openswan_argv->pdata, NULL, -@@ -277,13 +280,13 @@ nm_openswan_start_openswan_binary (NMOPE +@@ -277,13 +310,64 @@ nm_openswan_start_openswan_binary (NMOPE } g_ptr_array_free (openswan_argv, TRUE); @@ -268,15 +309,77 @@ diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkMan - g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL); - g_source_attach (openswan_watch, NULL); - g_source_unref (openswan_watch); -+ NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto; ++ /*NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto; + openswan_watch = g_child_watch_source_new (pid_auto); + g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL); + g_source_attach (openswan_watch, NULL); -+ g_source_unref (openswan_watch); ++ g_source_unref (openswan_watch);*/ ++ ++ return stdin_fd; ++} ++ ++ ++ ++static gint ++nm_openswan_start_openswan_connection (NMOPENSWANPlugin *plugin, GError **error) ++{ ++ GPid pid; ++ const char **openswan_binary = NULL; ++ GPtrArray *openswan_argv; ++ gint stdin_fd; ++ ++ /* Find openswan ipsec */ ++ openswan_binary = openswan_binary_paths; ++ while (*openswan_binary != NULL) { ++ if (g_file_test (*openswan_binary, G_FILE_TEST_EXISTS)) ++ break; ++ openswan_binary++; ++ } ++ ++ if (!*openswan_binary) { ++ g_set_error (error, ++ NM_VPN_PLUGIN_ERROR, ++ NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, ++ "%s", ++ "Could not find openswan binary."); ++ return -1; ++ } ++ ++ openswan_argv = g_ptr_array_new (); ++ g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary)); ++ g_ptr_array_add (openswan_argv, (gpointer) "auto"); ++ g_ptr_array_add (openswan_argv, (gpointer) "--up"); ++ g_ptr_array_add (openswan_argv, (gpointer) "nm-conn1"); ++ g_ptr_array_add (openswan_argv, NULL); ++ ++ if (!g_spawn_async_with_pipes (NULL, (char **) openswan_argv->pdata, NULL, ++ G_SPAWN_DO_NOT_REAP_CHILD, NULL, NULL, &pid, &stdin_fd, ++ NULL, NULL, error)) { ++ ++ g_ptr_array_free (openswan_argv, TRUE); ++ nm_warning ("openswan: ipsec auto connection failed to start. error: '%s'", (*error)->message); ++ return -1; ++ } ++ g_ptr_array_free (openswan_argv, TRUE); ++ ++ sleep(3); ++ ++ nm_info ("openswan: ipsec auto connection started with pid %d", pid); return stdin_fd; } -@@ -365,7 +368,7 @@ write_one_property (const char *key, con +@@ -318,8 +402,8 @@ write_one_property (const char *key, con + WriteConfigInfo *info = (WriteConfigInfo *) user_data; + GType type = G_TYPE_INVALID; + int i; +- const char *default_username; +- const char *props_username; ++ //const char *default_username; ++ //const char *props_username; + const char *leftid; + + if (info->error) +@@ -365,11 +449,11 @@ write_one_property (const char *key, con //write_config_option (info->fd, "%s %s\n", (char *) key, (char *) value); if (!strcmp (key, NM_OPENSWAN_PSK_VALUE)) { @@ -285,18 +388,51 @@ diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkMan write_config_option (info->secret_fd, "@%s: PSK \"%s\"\n", leftid, (char *) value); } -@@ -426,8 +429,8 @@ nm_openswan_config_write (NMSettingVPN * - gint conf_fd=-1; - gint secret_fd=-1; +- if (!strcmp (key, NM_OPENSWAN_XAUTH_PASSWORD)) { ++ /*if (!strcmp (key, NM_OPENSWAN_XAUTH_PASSWORD)) { + default_username = nm_setting_vpn_get_user_name (info->s_vpn); + props_username = nm_setting_vpn_get_data_item (info->s_vpn, NM_OPENSWAN_LEFTXAUTHUSER); + if ( default_username && strlen (default_username) +@@ -378,7 +462,7 @@ write_one_property (const char *key, con + } else { + write_config_option (info->secret_fd, "@%s : XAUTH \"%s\"\n", props_username, (char *) value); + } +- } ++ }*/ + + } else if (type == G_TYPE_BOOLEAN) { + if (!strcmp (value, "yes")) { +@@ -414,22 +498,22 @@ write_one_property (const char *key, con + } + + static gboolean +-nm_openswan_config_write (NMSettingVPN *s_vpn, ++nm_openswan_config_write (gint openswan_fd, NMSettingVPN *s_vpn, + GError **error) + { + WriteConfigInfo *info; + const char *props_username; + //const char *props_natt_mode; + const char *default_username; +- const char *pw_type; ++ //const char *pw_type; + gint fdtmp1=-1; +- gint conf_fd=-1; +- gint secret_fd=-1; ++ //gint conf_fd=-1; ++ //gint secret_fd=-1; - conf_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.conf", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); - secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); -+ conf_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.conf", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); -+ secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); ++ //conf_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.conf", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); ++ //secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); - fdtmp1 = conf_fd; +- fdtmp1 = conf_fd; ++ fdtmp1 = openswan_fd; if(fdtmp1 != -1) { -@@ -454,8 +457,10 @@ nm_openswan_config_write (NMSettingVPN * + write_config_option (fdtmp1, "conn nm-conn1\n"); + write_config_option (fdtmp1, " aggrmode=yes\n"); +@@ -454,8 +538,10 @@ nm_openswan_config_write (NMSettingVPN * write_config_option (fdtmp1, " ike=aes-sha1\n"); write_config_option (fdtmp1, " esp=aes-sha1;modp1024\n"); write_config_option (fdtmp1, " nm_configured=yes\n"); @@ -308,23 +444,115 @@ diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkMan } //default_username = nm_setting_vpn_get_user_name (s_vpn); -@@ -514,8 +519,8 @@ real_connect (NMVPNPlugin *plugin, +@@ -472,7 +558,49 @@ nm_openswan_config_write (NMSettingVPN * + + info = g_malloc0 (sizeof (WriteConfigInfo)); + //info->fd = openswan_fd; +- info->conf_fd = conf_fd; ++ //info->conf_fd = conf_fd; ++ info->conf_fd = openswan_fd; ++ //info->secret_fd = secret_fd; ++ info->s_vpn = s_vpn; ++ ++ /* Check for ignored user password */ ++ /*pw_type = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES); ++ if (pw_type && !strcmp (pw_type, NM_OPENSWAN_PW_TYPE_UNUSED)) ++ info->upw_ignored = TRUE;*/ ++ ++ /* Check for ignored group password */ ++ /*pw_type = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_PSK_INPUT_MODES); ++ if (pw_type && !strcmp (pw_type, NM_OPENSWAN_PW_TYPE_UNUSED)) ++ info->gpw_ignored = TRUE;*/ ++ ++ nm_setting_vpn_foreach_data_item (s_vpn, write_one_property, info); ++ //nm_setting_vpn_foreach_secret (s_vpn, write_one_property, info); ++ *error = info->error; ++ //close(conf_fd); ++ close(openswan_fd); ++ sleep(3); ++ //close(secret_fd); ++ g_free (info); ++ ++ return *error ? FALSE : TRUE; ++} ++ ++ ++static gboolean ++nm_openswan_config_secret_write (NMSettingVPN *s_vpn, ++ GError **error) ++{ ++ WriteConfigInfo *info; ++ //const char *props_username; ++ //const char *default_username; ++ const char *pw_type; ++ //gint fdtmp1=-1; ++ //gint conf_fd=-1; ++ gint secret_fd=-1; ++ ++ secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); ++ ++ info = g_malloc0 (sizeof (WriteConfigInfo)); + info->secret_fd = secret_fd; + info->s_vpn = s_vpn; + +@@ -486,16 +614,15 @@ nm_openswan_config_write (NMSettingVPN * + if (pw_type && !strcmp (pw_type, NM_OPENSWAN_PW_TYPE_UNUSED)) + info->gpw_ignored = TRUE; + +- nm_setting_vpn_foreach_data_item (s_vpn, write_one_property, info); + nm_setting_vpn_foreach_secret (s_vpn, write_one_property, info); + *error = info->error; +- close(conf_fd); + close(secret_fd); + g_free (info); + + return *error ? FALSE : TRUE; + } + ++ + static gboolean + real_connect (NMVPNPlugin *plugin, + NMConnection *connection, +@@ -514,13 +641,31 @@ real_connect (NMVPNPlugin *plugin, if (!nm_openswan_secrets_validate (s_vpn, error)) goto out; - if (!nm_openswan_config_write (s_vpn, error)) - goto out; -+ if (!nm_openswan_config_write (s_vpn, error)) ++ if (!nm_openswan_config_secret_write (s_vpn, error)) + goto out; openswan_fd = nm_openswan_start_openswan_binary (NM_OPENSWAN_PLUGIN (plugin), error); if (openswan_fd < 0) -@@ -622,6 +627,9 @@ real_disconnect (NMVPNPlugin *plugin, + goto out; + ++ if (!nm_openswan_config_write (openswan_fd, s_vpn, error)) { ++ goto out; ++ } ++ else { ++ /*no error*/ ++ openswan_fd=-1; ++ } ++ ++ unlink("/etc/ipsec.d/ipsec-nm-conn1.secrets"); ++ ++ openswan_fd = nm_openswan_start_openswan_connection (NM_OPENSWAN_PLUGIN (plugin), error); ++ if (openswan_fd < 0) ++ goto out; ++ ++ write_config_option (openswan_fd, "%s", nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); ++ close(openswan_fd); ++ openswan_fd=-1; ++ + success = TRUE; + + out: +@@ -622,6 +767,9 @@ real_disconnect (NMVPNPlugin *plugin, } g_ptr_array_free (openswan_argv, TRUE); -+ unlink("/etc/ipsec.d/ipsec-nm-conn1.conf"); -+ unlink("/etc/ipsec.d/ipsec-nm-conn1.secrets"); ++ //unlink("/etc/ipsec.d/ipsec-nm-conn1.conf"); ++ //unlink("/etc/ipsec.d/ipsec-nm-conn1.secrets"); + return TRUE; } From 61e2c7b502f1c588225feaede61710681d8aef65 Mon Sep 17 00:00:00 2001 From: avesh agarwal Date: Mon, 26 Jul 2010 14:39:42 +0000 Subject: [PATCH 06/37] Resolves: #616910 - Support for reading phase1 and phase2 algorithms through GUI --- NetworkManager-openswan.spec | 8 +- nm-616910.patch | 306 +++++++++++++++++++++++++++++++++++ 2 files changed, 313 insertions(+), 1 deletion(-) create mode 100644 nm-616910.patch diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index a53dafb..c563011 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -6,7 +6,7 @@ Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan Version: 0.8.0 -Release: 4%{snapshot}%{?dist} +Release: 5%{snapshot}%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://people.redhat.com/avagarwa/files/NetworkManager-openswan/ @@ -19,6 +19,7 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) Patch1: nm-secret-whack.patch +Patch2: nm-616910.patch BuildRequires: gtk2-devel #BuildRequires: dbus-devel @@ -42,6 +43,7 @@ with NetworkManager and the GNOME desktop %setup -q -n NetworkManager-openswan-%{realversion} %patch1 -p1 +%patch2 -p1 %build %configure --disable-static --enable-more-warnings=yes @@ -76,6 +78,10 @@ rm -rf $RPM_BUILD_ROOT %dir %{_datadir}/gnome-vpn-properties/openswan %changelog +* Mon Jul 26 2010 Avesh Agarwal - 0.8.0-5.20100411git +Resolves: #616910 +- Support for reading phase1 and phase2 algorithms through GUI + * Tue Jul 13 2010 Avesh Agarwal - 0.8.0-4.20100411git - Modified fix for the bz 607352 - Fix to read connection configuration from stdin diff --git a/nm-616910.patch b/nm-616910.patch new file mode 100644 index 0000000..25dc0dc --- /dev/null +++ b/nm-616910.patch @@ -0,0 +1,306 @@ +diff -urNp NetworkManager-openswan-0.8-cvs-patched/properties/nm-openswan.c NetworkManager-openswan-0.8/properties/nm-openswan.c +--- NetworkManager-openswan-0.8-cvs-patched/properties/nm-openswan.c 2010-07-21 15:41:07.674107915 -0400 ++++ NetworkManager-openswan-0.8/properties/nm-openswan.c 2010-07-21 16:55:34.597114628 -0400 +@@ -416,6 +416,28 @@ init_plugin_ui (OpenswanPluginUiWidget * + } + g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); + ++ /* Phase 1 Algorithms: IKE*/ ++ widget = glade_xml_get_widget (priv->xml, "phase1_entry"); ++ g_return_val_if_fail (widget != NULL, FALSE); ++ gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); ++ if (s_vpn) { ++ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_IKE); ++ if (value && strlen (value)) ++ gtk_entry_set_text (GTK_ENTRY (widget), value); ++ } ++ g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); ++ ++ /* Phase 2 Algorithms: ESP*/ ++ widget = glade_xml_get_widget (priv->xml, "phase2_entry"); ++ g_return_val_if_fail (widget != NULL, FALSE); ++ gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); ++ if (s_vpn) { ++ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_ESP); ++ if (value && strlen (value)) ++ gtk_entry_set_text (GTK_ENTRY (widget), value); ++ } ++ g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); ++ + widget = glade_xml_get_widget (priv->xml, "domain_entry"); + g_return_val_if_fail (widget != NULL, FALSE); + gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); +@@ -520,11 +542,25 @@ update_connection (NMVpnPluginUiWidgetIn + if (str && strlen (str)) + nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_LEFTID, str); + ++ /* User name*/ + widget = glade_xml_get_widget (priv->xml, "user_entry"); + str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); + if (str && strlen (str)) + nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_LEFTXAUTHUSER, str); ++ ++ /* Phase 1 Algorithms: ike */ ++ widget = glade_xml_get_widget (priv->xml, "phase1_entry"); ++ str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); ++ if (str && strlen (str)) ++ nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_IKE, str); ++ ++ /* Phase 2 Algorithms: esp */ ++ widget = glade_xml_get_widget (priv->xml, "phase2_entry"); ++ str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); ++ if (str && strlen (str)) ++ nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_ESP, str); + ++ /* Domain entry */ + widget = glade_xml_get_widget (priv->xml, "domain_entry"); + str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); + if (str && strlen (str)) +diff -urNp NetworkManager-openswan-0.8-cvs-patched/properties/nm-openswan-dialog.glade NetworkManager-openswan-0.8/properties/nm-openswan-dialog.glade +--- NetworkManager-openswan-0.8-cvs-patched/properties/nm-openswan-dialog.glade 2010-07-21 15:41:07.659354607 -0400 ++++ NetworkManager-openswan-0.8/properties/nm-openswan-dialog.glade 2010-07-21 16:22:37.191355919 -0400 +@@ -233,77 +233,120 @@ + True + 12 + +- ++ + True +- 5 +- 2 +- 6 +- 6 + +- ++ + True +- 0 +- User name: ++ 4 ++ 2 ++ 6 ++ 6 ++ ++ ++ True ++ 0 ++ User name: ++ ++ ++ GTK_FILL ++ ++ ++ ++ ++ ++ True ++ True ++ ++ ++ ++ 1 ++ 2 ++ ++ ++ ++ ++ ++ True ++ 0 ++ Phase1 Algorithms: ++ ++ ++ 1 ++ 2 ++ GTK_FILL ++ ++ ++ ++ ++ ++ True ++ True ++ ++ ++ ++ 1 ++ 2 ++ 1 ++ 2 ++ ++ ++ ++ ++ ++ True ++ 0 ++ Phase2 Algorithms: ++ ++ ++ 2 ++ 3 ++ GTK_FILL ++ ++ ++ ++ ++ ++ True ++ True ++ ++ ++ ++ 1 ++ 2 ++ 2 ++ 3 ++ ++ ++ ++ ++ ++ True ++ 0 ++ Domain: ++ ++ ++ 3 ++ 4 ++ GTK_FILL ++ ++ ++ ++ ++ ++ True ++ True ++ ++ ++ ++ 1 ++ 2 ++ 3 ++ 4 ++ ++ ++ + +- +- GTK_FILL +- +- +- +- +- +- True +- True +- +- +- 1 +- 2 +- +- +- +- +- +- True +- 0 +- Domain: +- +- +- 1 +- 2 +- GTK_FILL +- +- +- +- +- +- True +- True +- +- +- 1 +- 2 +- 1 +- 2 +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- + + + +diff -urNp NetworkManager-openswan-0.8-cvs-patched/src/nm-openswan-service.c NetworkManager-openswan-0.8/src/nm-openswan-service.c +--- NetworkManager-openswan-0.8-cvs-patched/src/nm-openswan-service.c 2010-07-21 15:41:07.774135961 -0400 ++++ NetworkManager-openswan-0.8/src/nm-openswan-service.c 2010-07-21 17:22:01.650106623 -0400 +@@ -69,6 +69,8 @@ static ValidProperty valid_properties[] + { NM_OPENSWAN_DHGROUP, G_TYPE_STRING, 0, 0 }, + { NM_OPENSWAN_PFSGROUP, G_TYPE_STRING, 0, 0 }, + { NM_OPENSWAN_DPDTIMEOUT, G_TYPE_INT, 0, 86400 }, ++ { NM_OPENSWAN_IKE, G_TYPE_STRING, 0, 0 }, ++ { NM_OPENSWAN_ESP, G_TYPE_STRING, 0, 0 }, + /* Ignored option for internal use */ + { NM_OPENSWAN_PSK_INPUT_MODES, G_TYPE_NONE, 0, 0 }, + { NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES, G_TYPE_NONE, 0, 0 }, +@@ -505,6 +507,8 @@ nm_openswan_config_write (gint openswan_ + const char *props_username; + //const char *props_natt_mode; + const char *default_username; ++ const char *phase1_alg_str; ++ const char *phase2_alg_str; + //const char *pw_type; + gint fdtmp1=-1; + //gint conf_fd=-1; +@@ -535,8 +539,23 @@ nm_openswan_config_write (gint openswan_ + write_config_option (fdtmp1, " remote_peer_type=cisco\n"); + write_config_option (fdtmp1, " rightxauthserver=yes\n"); + write_config_option (fdtmp1, " rightmodecfgserver=yes\n"); ++ ++ phase1_alg_str = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_IKE); ++ if(!phase1_alg_str || !strlen (phase1_alg_str)) { + write_config_option (fdtmp1, " ike=aes-sha1\n"); ++ } ++ else { ++ write_config_option (fdtmp1, " ike=%s\n", phase1_alg_str); ++ } ++ ++ phase2_alg_str = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_ESP); ++ if(!phase2_alg_str || !strlen (phase2_alg_str)) { + write_config_option (fdtmp1, " esp=aes-sha1;modp1024\n"); ++ } ++ else { ++ write_config_option (fdtmp1, " esp=%s\n", phase2_alg_str); ++ } ++ + write_config_option (fdtmp1, " nm_configured=yes\n"); + //write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH); + write_config_option (fdtmp1, " auto=add\n"); +diff -urNp NetworkManager-openswan-0.8-cvs-patched/src/nm-openswan-service.h NetworkManager-openswan-0.8/src/nm-openswan-service.h +--- NetworkManager-openswan-0.8-cvs-patched/src/nm-openswan-service.h 2010-07-21 15:41:07.775128199 -0400 ++++ NetworkManager-openswan-0.8/src/nm-openswan-service.h 2010-07-21 17:19:29.930120077 -0400 +@@ -47,6 +47,8 @@ + #define NM_OPENSWAN_DHGROUP "dhgroup" + #define NM_OPENSWAN_PFSGROUP "pfsgroup" + #define NM_OPENSWAN_DPDTIMEOUT "dpdtimeout" ++#define NM_OPENSWAN_IKE "ike" ++#define NM_OPENSWAN_ESP "esp" + + #define NM_OPENSWAN_PW_TYPE_SAVE "save" + #define NM_OPENSWAN_PW_TYPE_ASK "ask" From 90fce4b267c60c8a6120fa5ab79104875ce90260 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 28 Jul 2010 09:05:30 +0000 Subject: [PATCH 07/37] dist-git conversion --- .cvsignore => .gitignore | 0 Makefile | 21 --------------------- 2 files changed, 21 deletions(-) rename .cvsignore => .gitignore (100%) delete mode 100644 Makefile diff --git a/.cvsignore b/.gitignore similarity index 100% rename from .cvsignore rename to .gitignore diff --git a/Makefile b/Makefile deleted file mode 100644 index d8f1c06..0000000 --- a/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -# Makefile for source rpm: NetworkManager-openswan -# $Id$ -NAME := NetworkManager-openswan -SPECFILE = $(firstword $(wildcard *.spec)) - -define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done -endef - -MAKEFILE_COMMON := $(shell $(find-makefile-common)) - -ifeq ($(MAKEFILE_COMMON),) -# attept a checkout -define checkout-makefile-common -test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 -endef - -MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) -endif - -include $(MAKEFILE_COMMON) From 2ab1bc02f86acb08fb3dbe2ad2e74099fc445f91 Mon Sep 17 00:00:00 2001 From: Avesh Agarwal Date: Tue, 7 Sep 2010 15:00:07 -0400 Subject: [PATCH 08/37] - Modified import and export interfaces to import_from_file and export_to_file, respectively, due to changes in NMVpnPluginUiInterface struct in NM (bz 631159). --- NetworkManager-openswan.spec | 11 +++++++---- nm-changes.patch | 14 ++++++++++++++ 2 files changed, 21 insertions(+), 4 deletions(-) create mode 100644 nm-changes.patch diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index c563011..0308c51 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -6,7 +6,7 @@ Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan Version: 0.8.0 -Release: 5%{snapshot}%{?dist} +Release: 6%{snapshot}%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://people.redhat.com/avagarwa/files/NetworkManager-openswan/ @@ -17,9 +17,9 @@ URL: http://people.redhat.com/avagarwa/files/NetworkManager-openswan/ Source0: http://people.redhat.com/avagarwa/files/%{name}/%{name}-%{realversion}.tar.gz BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) - Patch1: nm-secret-whack.patch Patch2: nm-616910.patch +Patch3: nm-changes.patch BuildRequires: gtk2-devel #BuildRequires: dbus-devel @@ -34,7 +34,6 @@ Requires: NetworkManager Requires: gnome-keyring Requires: openswan >= %{openswan_version} - %description This package contains software for integrating the openswan VPN software with NetworkManager and the GNOME desktop @@ -44,6 +43,7 @@ with NetworkManager and the GNOME desktop %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build %configure --disable-static --enable-more-warnings=yes @@ -61,7 +61,6 @@ rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.la %clean rm -rf $RPM_BUILD_ROOT - %files -f %{name}.lang %defattr(-, root, root,-) %config /etc/NetworkManager/VPN/nm-openswan-service.name @@ -78,6 +77,10 @@ rm -rf $RPM_BUILD_ROOT %dir %{_datadir}/gnome-vpn-properties/openswan %changelog +* Tue Sep 7 2010 Avesh Agarwal - 0.8.0-6.20100411git +- Modified import and export interfaces to import_from_file and export_to_file, respectively, + due to changes in NMVpnPluginUiInterface struct in NM (bz 631159). + * Mon Jul 26 2010 Avesh Agarwal - 0.8.0-5.20100411git Resolves: #616910 - Support for reading phase1 and phase2 algorithms through GUI diff --git a/nm-changes.patch b/nm-changes.patch new file mode 100644 index 0000000..d23a241 --- /dev/null +++ b/nm-changes.patch @@ -0,0 +1,14 @@ +diff -urNp NetworkManager-openswan-0.8-cvs-patched/properties/nm-openswan.c NetworkManager-openswan-0.8-current/properties/nm-openswan.c +--- NetworkManager-openswan-0.8-cvs-patched/properties/nm-openswan.c 2010-09-07 14:21:00.719407075 -0400 ++++ NetworkManager-openswan-0.8-current/properties/nm-openswan.c 2010-09-07 14:51:04.925157229 -0400 +@@ -850,8 +850,8 @@ openswan_plugin_ui_interface_init (NMVpn + /* interface implementation */ + iface_class->ui_factory = ui_factory; + iface_class->get_capabilities = get_capabilities; +- iface_class->import = NULL; +- iface_class->export = NULL; ++ iface_class->import_from_file = NULL; ++ iface_class->export_to_file = NULL; + iface_class->get_suggested_name = NULL; + iface_class->delete_connection = delete_connection; + } From 8783eae6aee1b84f11a1bfb8c62c34e212a3fb6c Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Mon, 7 Feb 2011 18:00:06 -0600 Subject: [PATCH 09/37] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild --- NetworkManager-openswan.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index 0308c51..9c04d5f 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -6,7 +6,7 @@ Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan Version: 0.8.0 -Release: 6%{snapshot}%{?dist} +Release: 7%{snapshot}%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://people.redhat.com/avagarwa/files/NetworkManager-openswan/ @@ -77,6 +77,9 @@ rm -rf $RPM_BUILD_ROOT %dir %{_datadir}/gnome-vpn-properties/openswan %changelog +* Mon Feb 07 2011 Fedora Release Engineering - 0.8.0-7.20100411git +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + * Tue Sep 7 2010 Avesh Agarwal - 0.8.0-6.20100411git - Modified import and export interfaces to import_from_file and export_to_file, respectively, due to changes in NMVpnPluginUiInterface struct in NM (bz 631159). From d3c07882522d974b6914a1c4536ce5cd36e3a80b Mon Sep 17 00:00:00 2001 From: Avesh Agarwal Date: Wed, 16 Feb 2011 12:43:04 -0500 Subject: [PATCH 10/37] - fixes for compile time errors --- NetworkManager-openswan.spec | 7 ++- compile-errors.patch | 89 ++++++++++++++++++++++++++++++++++++ 2 files changed, 95 insertions(+), 1 deletion(-) create mode 100644 compile-errors.patch diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index 9c04d5f..cc7a398 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -6,7 +6,7 @@ Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan Version: 0.8.0 -Release: 7%{snapshot}%{?dist} +Release: 8%{snapshot}%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://people.redhat.com/avagarwa/files/NetworkManager-openswan/ @@ -20,6 +20,7 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) Patch1: nm-secret-whack.patch Patch2: nm-616910.patch Patch3: nm-changes.patch +Patch4: compile-errors.patch BuildRequires: gtk2-devel #BuildRequires: dbus-devel @@ -44,6 +45,7 @@ with NetworkManager and the GNOME desktop %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 %build %configure --disable-static --enable-more-warnings=yes @@ -77,6 +79,9 @@ rm -rf $RPM_BUILD_ROOT %dir %{_datadir}/gnome-vpn-properties/openswan %changelog +* Wed Feb 16 2011 Avesh Agarwal - 0.8.0-8.20100411git +- fixes for compile time errors + * Mon Feb 07 2011 Fedora Release Engineering - 0.8.0-7.20100411git - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild diff --git a/compile-errors.patch b/compile-errors.patch new file mode 100644 index 0000000..5eedd50 --- /dev/null +++ b/compile-errors.patch @@ -0,0 +1,89 @@ +diff -urNp NetworkManager-openswan-0.8-cvs-patched/auth-dialog/main.c NetworkManager-openswan-0.8-current/auth-dialog/main.c +--- NetworkManager-openswan-0.8-cvs-patched/auth-dialog/main.c 2011-02-15 10:56:52.192317259 -0500 ++++ NetworkManager-openswan-0.8-current/auth-dialog/main.c 2011-02-16 12:27:03.016111821 -0500 +@@ -284,7 +284,6 @@ main (int argc, char *argv[]) + char *password = NULL, *group_password = NULL; + char *upw_type = NULL, *gpw_type = NULL; + char buf[1]; +- int ret; + GError *error = NULL; + GOptionContext *context; + GOptionEntry entries[] = { +@@ -357,6 +356,9 @@ main (int argc, char *argv[]) + fflush (stdout); + + /* wait for data on stdin */ +- ret = fread (buf, sizeof (char), sizeof (buf), stdin); ++ if (fread (buf, sizeof (char), sizeof (buf), stdin) < sizeof(buf) && ferror(stdin)) { ++ fprintf(stderr,"error occured when reading from stdin in main.c in auth-dialog"); ++ } ++ + return 0; + } +diff -urNp NetworkManager-openswan-0.8-cvs-patched/properties/nm-openswan.c NetworkManager-openswan-0.8-current/properties/nm-openswan.c +--- NetworkManager-openswan-0.8-cvs-patched/properties/nm-openswan.c 2011-02-15 10:57:24.704317823 -0500 ++++ NetworkManager-openswan-0.8-current/properties/nm-openswan.c 2011-02-16 12:27:47.200862374 -0500 +@@ -261,7 +261,6 @@ pw_type_changed_helper (OpenswanPluginUi + OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); + const char *entry = NULL; + GtkWidget *widget; +- GtkTreeModel *model; + + /* If the user chose "Not required", desensitize and clear the correct + * password entry. +@@ -280,7 +279,7 @@ pw_type_changed_helper (OpenswanPluginUi + widget = glade_xml_get_widget (priv->xml, entry); + g_assert (widget); + +- model = gtk_combo_box_get_model (GTK_COMBO_BOX (combo)); ++ gtk_combo_box_get_model (GTK_COMBO_BOX (combo)); + switch (gtk_combo_box_get_active (GTK_COMBO_BOX (combo))) { + case PW_TYPE_ASK: + case PW_TYPE_UNUSED: +@@ -488,11 +487,10 @@ static guint32 + handle_one_pw_type (NMSettingVPN *s_vpn, GladeXML *xml, const char *name, const char *key) + { + GtkWidget *widget; +- GtkTreeModel *model; + guint32 pw_type; + + widget = glade_xml_get_widget (xml, name); +- model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); ++ gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); + + pw_type = gtk_combo_box_get_active (GTK_COMBO_BOX (widget)); + switch (pw_type) { +@@ -617,12 +615,11 @@ save_one_password (GladeXML *xml, + GnomeKeyringResult ret; + GtkWidget *widget; + const char *password; +- GtkTreeModel *model; + gboolean saved = FALSE; + + widget = glade_xml_get_widget (xml, combo); + g_assert (widget); +- model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); ++ gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); + if (gtk_combo_box_get_active (GTK_COMBO_BOX (widget)) == PW_TYPE_SAVE) { + widget = glade_xml_get_widget (xml, entry); + g_assert (widget); +diff -urNp NetworkManager-openswan-0.8-cvs-patched/src/nm-openswan-service.c NetworkManager-openswan-0.8-current/src/nm-openswan-service.c +--- NetworkManager-openswan-0.8-cvs-patched/src/nm-openswan-service.c 2011-02-15 10:57:21.422336210 -0500 ++++ NetworkManager-openswan-0.8-current/src/nm-openswan-service.c 2011-02-16 12:32:50.003111577 -0500 +@@ -379,11 +379,14 @@ write_config_option (int fd, const char + { + char * string; + va_list args; +- int x; + + va_start (args, format); + string = g_strdup_vprintf (format, args); +- x = write (fd, string, strlen (string)); ++ ++ if ( write (fd, string, strlen (string)) == -1) { ++ nm_warning ("nm-openswan: error in write_config_option"); ++ } ++ + g_free (string); + va_end (args); + } From bacc6f76d0e4ac72943ac0820938b00e74d0417d Mon Sep 17 00:00:00 2001 From: Avesh Agarwal Date: Wed, 16 Feb 2011 12:53:54 -0500 Subject: [PATCH 11/37] - fixes for compile time errors --- NetworkManager-openswan.spec | 7 ++- compile-errors.patch | 89 ++++++++++++++++++++++++++++++++++++ 2 files changed, 95 insertions(+), 1 deletion(-) create mode 100644 compile-errors.patch diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index 9c04d5f..cc7a398 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -6,7 +6,7 @@ Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan Version: 0.8.0 -Release: 7%{snapshot}%{?dist} +Release: 8%{snapshot}%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://people.redhat.com/avagarwa/files/NetworkManager-openswan/ @@ -20,6 +20,7 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) Patch1: nm-secret-whack.patch Patch2: nm-616910.patch Patch3: nm-changes.patch +Patch4: compile-errors.patch BuildRequires: gtk2-devel #BuildRequires: dbus-devel @@ -44,6 +45,7 @@ with NetworkManager and the GNOME desktop %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 %build %configure --disable-static --enable-more-warnings=yes @@ -77,6 +79,9 @@ rm -rf $RPM_BUILD_ROOT %dir %{_datadir}/gnome-vpn-properties/openswan %changelog +* Wed Feb 16 2011 Avesh Agarwal - 0.8.0-8.20100411git +- fixes for compile time errors + * Mon Feb 07 2011 Fedora Release Engineering - 0.8.0-7.20100411git - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild diff --git a/compile-errors.patch b/compile-errors.patch new file mode 100644 index 0000000..5eedd50 --- /dev/null +++ b/compile-errors.patch @@ -0,0 +1,89 @@ +diff -urNp NetworkManager-openswan-0.8-cvs-patched/auth-dialog/main.c NetworkManager-openswan-0.8-current/auth-dialog/main.c +--- NetworkManager-openswan-0.8-cvs-patched/auth-dialog/main.c 2011-02-15 10:56:52.192317259 -0500 ++++ NetworkManager-openswan-0.8-current/auth-dialog/main.c 2011-02-16 12:27:03.016111821 -0500 +@@ -284,7 +284,6 @@ main (int argc, char *argv[]) + char *password = NULL, *group_password = NULL; + char *upw_type = NULL, *gpw_type = NULL; + char buf[1]; +- int ret; + GError *error = NULL; + GOptionContext *context; + GOptionEntry entries[] = { +@@ -357,6 +356,9 @@ main (int argc, char *argv[]) + fflush (stdout); + + /* wait for data on stdin */ +- ret = fread (buf, sizeof (char), sizeof (buf), stdin); ++ if (fread (buf, sizeof (char), sizeof (buf), stdin) < sizeof(buf) && ferror(stdin)) { ++ fprintf(stderr,"error occured when reading from stdin in main.c in auth-dialog"); ++ } ++ + return 0; + } +diff -urNp NetworkManager-openswan-0.8-cvs-patched/properties/nm-openswan.c NetworkManager-openswan-0.8-current/properties/nm-openswan.c +--- NetworkManager-openswan-0.8-cvs-patched/properties/nm-openswan.c 2011-02-15 10:57:24.704317823 -0500 ++++ NetworkManager-openswan-0.8-current/properties/nm-openswan.c 2011-02-16 12:27:47.200862374 -0500 +@@ -261,7 +261,6 @@ pw_type_changed_helper (OpenswanPluginUi + OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); + const char *entry = NULL; + GtkWidget *widget; +- GtkTreeModel *model; + + /* If the user chose "Not required", desensitize and clear the correct + * password entry. +@@ -280,7 +279,7 @@ pw_type_changed_helper (OpenswanPluginUi + widget = glade_xml_get_widget (priv->xml, entry); + g_assert (widget); + +- model = gtk_combo_box_get_model (GTK_COMBO_BOX (combo)); ++ gtk_combo_box_get_model (GTK_COMBO_BOX (combo)); + switch (gtk_combo_box_get_active (GTK_COMBO_BOX (combo))) { + case PW_TYPE_ASK: + case PW_TYPE_UNUSED: +@@ -488,11 +487,10 @@ static guint32 + handle_one_pw_type (NMSettingVPN *s_vpn, GladeXML *xml, const char *name, const char *key) + { + GtkWidget *widget; +- GtkTreeModel *model; + guint32 pw_type; + + widget = glade_xml_get_widget (xml, name); +- model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); ++ gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); + + pw_type = gtk_combo_box_get_active (GTK_COMBO_BOX (widget)); + switch (pw_type) { +@@ -617,12 +615,11 @@ save_one_password (GladeXML *xml, + GnomeKeyringResult ret; + GtkWidget *widget; + const char *password; +- GtkTreeModel *model; + gboolean saved = FALSE; + + widget = glade_xml_get_widget (xml, combo); + g_assert (widget); +- model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); ++ gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); + if (gtk_combo_box_get_active (GTK_COMBO_BOX (widget)) == PW_TYPE_SAVE) { + widget = glade_xml_get_widget (xml, entry); + g_assert (widget); +diff -urNp NetworkManager-openswan-0.8-cvs-patched/src/nm-openswan-service.c NetworkManager-openswan-0.8-current/src/nm-openswan-service.c +--- NetworkManager-openswan-0.8-cvs-patched/src/nm-openswan-service.c 2011-02-15 10:57:21.422336210 -0500 ++++ NetworkManager-openswan-0.8-current/src/nm-openswan-service.c 2011-02-16 12:32:50.003111577 -0500 +@@ -379,11 +379,14 @@ write_config_option (int fd, const char + { + char * string; + va_list args; +- int x; + + va_start (args, format); + string = g_strdup_vprintf (format, args); +- x = write (fd, string, strlen (string)); ++ ++ if ( write (fd, string, strlen (string)) == -1) { ++ nm_warning ("nm-openswan: error in write_config_option"); ++ } ++ + g_free (string); + va_end (args); + } From cff2bdeac18c26e57f12fbd0aeaba9d1b516387d Mon Sep 17 00:00:00 2001 From: Christopher Aillon Date: Sun, 27 Mar 2011 18:02:23 -0700 Subject: [PATCH 12/37] Build against NetworkManager 0.9 --- NetworkManager-openswan.spec | 7 +- compile-errors.patch | 9 +- nm09.patch | 359 +++++++++++++++++++++++++++++++++++ 3 files changed, 368 insertions(+), 7 deletions(-) create mode 100644 nm09.patch diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index cc7a398..a22cba2 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -6,7 +6,7 @@ Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan Version: 0.8.0 -Release: 8%{snapshot}%{?dist} +Release: 9%{snapshot}%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://people.redhat.com/avagarwa/files/NetworkManager-openswan/ @@ -21,6 +21,7 @@ Patch1: nm-secret-whack.patch Patch2: nm-616910.patch Patch3: nm-changes.patch Patch4: compile-errors.patch +Patch5: nm09.patch BuildRequires: gtk2-devel #BuildRequires: dbus-devel @@ -46,6 +47,7 @@ with NetworkManager and the GNOME desktop %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 -b .nm09 %build %configure --disable-static --enable-more-warnings=yes @@ -79,6 +81,9 @@ rm -rf $RPM_BUILD_ROOT %dir %{_datadir}/gnome-vpn-properties/openswan %changelog +* Sun Mar 27 2011 Christopher Aillon - 0.8.0-9.20100411git +- Rebuild against NetworkManager 0.9 + * Wed Feb 16 2011 Avesh Agarwal - 0.8.0-8.20100411git - fixes for compile time errors diff --git a/compile-errors.patch b/compile-errors.patch index 5eedd50..6c9b750 100644 --- a/compile-errors.patch +++ b/compile-errors.patch @@ -31,16 +31,15 @@ diff -urNp NetworkManager-openswan-0.8-cvs-patched/properties/nm-openswan.c Netw /* If the user chose "Not required", desensitize and clear the correct * password entry. -@@ -280,7 +279,7 @@ pw_type_changed_helper (OpenswanPluginUi +@@ -280,7 +279,6 @@ pw_type_changed_helper (OpenswanPluginUi widget = glade_xml_get_widget (priv->xml, entry); g_assert (widget); - model = gtk_combo_box_get_model (GTK_COMBO_BOX (combo)); -+ gtk_combo_box_get_model (GTK_COMBO_BOX (combo)); switch (gtk_combo_box_get_active (GTK_COMBO_BOX (combo))) { case PW_TYPE_ASK: case PW_TYPE_UNUSED: -@@ -488,11 +487,10 @@ static guint32 +@@ -488,11 +487,9 @@ static guint32 handle_one_pw_type (NMSettingVPN *s_vpn, GladeXML *xml, const char *name, const char *key) { GtkWidget *widget; @@ -49,11 +48,10 @@ diff -urNp NetworkManager-openswan-0.8-cvs-patched/properties/nm-openswan.c Netw widget = glade_xml_get_widget (xml, name); - model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); -+ gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); pw_type = gtk_combo_box_get_active (GTK_COMBO_BOX (widget)); switch (pw_type) { -@@ -617,12 +615,11 @@ save_one_password (GladeXML *xml, +@@ -617,12 +615,10 @@ save_one_password (GladeXML *xml, GnomeKeyringResult ret; GtkWidget *widget; const char *password; @@ -63,7 +61,6 @@ diff -urNp NetworkManager-openswan-0.8-cvs-patched/properties/nm-openswan.c Netw widget = glade_xml_get_widget (xml, combo); g_assert (widget); - model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); -+ gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); if (gtk_combo_box_get_active (GTK_COMBO_BOX (widget)) == PW_TYPE_SAVE) { widget = glade_xml_get_widget (xml, entry); g_assert (widget); diff --git a/nm09.patch b/nm09.patch new file mode 100644 index 0000000..f969463 --- /dev/null +++ b/nm09.patch @@ -0,0 +1,359 @@ +diff -up NetworkManager-openswan-0.8/properties/nm-openswan.c.nm09 NetworkManager-openswan-0.8/properties/nm-openswan.c +--- NetworkManager-openswan-0.8/properties/nm-openswan.c.nm09 2011-03-27 17:51:22.426710054 -0700 ++++ NetworkManager-openswan-0.8/properties/nm-openswan.c 2011-03-27 17:58:58.457008890 -0700 +@@ -170,43 +170,41 @@ fill_vpn_passwords (OpenswanPluginUiWidg + char *password = NULL; + char *group_password = NULL; + +- /* Grab secrets from the keyring */ ++ /* Grab secrets from the connection or the keyring */ + if (connection) { + NMSettingConnection *s_con; + NMSettingVPN *s_vpn; ++ NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE; + const char *tmp; + ++ s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); ++ + s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN); ++ if (s_vpn) { ++ tmp = nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD); ++ if (tmp) ++ password = gnome_keyring_memory_strdup (tmp); ++ ++ tmp = nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_PSK_VALUE); ++ if (tmp) ++ group_password = gnome_keyring_memory_strdup (tmp); ++ } + +- if (nm_connection_get_scope (connection) == NM_CONNECTION_SCOPE_SYSTEM) { +- if (s_vpn) { +- tmp = nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD); +- if (tmp) +- password = gnome_keyring_memory_strdup (tmp); +- +- tmp = nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_PSK_VALUE); +- if (tmp) +- group_password = gnome_keyring_memory_strdup (tmp); +- } +- } else { +- s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); +- +- /* Lookup passwords in the keyring, and if they weren't there, try +- * the connection itself, which is where they'd be right after import. +- */ ++ nm_setting_get_secret_flags (NM_SETTING (s_vpn), OPENSWAN_USER_PASSWORD, &secret_flags, NULL); ++ if (!password && (secret_flags & NM_SETTING_SECRET_FLAG_AGENT_OWNED)) { + keyring_helpers_get_one_secret (nm_setting_connection_get_uuid (s_con), +- OPENSWAN_USER_PASSWORD, +- &password, +- NULL); +- if (!password) +- password = gnome_keyring_memory_strdup (nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); ++ OPENSWAN_USER_PASSWORD, ++ &password, ++ NULL); ++ } + ++ secret_flags = NM_SETTING_SECRET_FLAG_NONE; ++ nm_setting_get_secret_flags (NM_SETTING (s_vpn), OPENSWAN_GROUP_PASSWORD, &secret_flags, NULL); ++ if (!group_password && (secret_flags & NM_SETTING_SECRET_FLAG_AGENT_OWNED)) { + keyring_helpers_get_one_secret (nm_setting_connection_get_uuid (s_con), + OPENSWAN_GROUP_PASSWORD, + &group_password, + NULL); +- if (!group_password) +- group_password = gnome_keyring_memory_strdup (nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_PSK_VALUE)); + } + } + +@@ -300,6 +298,20 @@ pw_type_combo_changed_cb (GtkWidget *com + stuff_changed_cb (combo, self); + } + ++static const char * ++secret_flags_to_pw_type (NMSettingVPN *s_vpn, const char *key) ++{ ++ NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE; ++ ++ if (nm_setting_get_secret_flags (NM_SETTING (s_vpn), key, &flags, NULL)) { ++ if (flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED) ++ return NM_OPENSWAN_PW_TYPE_UNUSED; ++ if (flags & NM_SETTING_SECRET_FLAG_NOT_SAVED) ++ return NM_OPENSWAN_PW_TYPE_ASK; ++ } ++ return NM_OPENSWAN_PW_TYPE_SAVE; ++} ++ + static void + init_one_pw_combo (OpenswanPluginUiWidget *self, + NMSettingVPN *s_vpn, +@@ -330,6 +342,8 @@ init_one_pw_combo (OpenswanPluginUiWidge + store = gtk_list_store_new (1, G_TYPE_STRING); + if (s_vpn) + value = nm_setting_vpn_get_data_item (s_vpn, key); ++ if (!value) ++ value = secret_flags_to_pw_type (s_vpn, key); + + gtk_list_store_append (store, &iter); + gtk_list_store_set (store, &iter, 0, _("Saved"), -1); +@@ -485,26 +499,35 @@ get_widget (NMVpnPluginUiWidgetInterface + static guint32 + handle_one_pw_type (NMSettingVPN *s_vpn, GladeXML *xml, const char *name, const char *key) + { ++ NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE; + GtkWidget *widget; + guint32 pw_type; ++ const char *data_val = NULL; + + widget = glade_xml_get_widget (xml, name); + ++ nm_setting_get_secret_flags (NM_SETTING (s_vpn), key, &flags, NULL); ++ flags &= ~(NM_SETTING_SECRET_FLAG_NOT_SAVED | NM_SETTING_SECRET_FLAG_NOT_REQUIRED); ++ + pw_type = gtk_combo_box_get_active (GTK_COMBO_BOX (widget)); + switch (pw_type) { + case PW_TYPE_SAVE: +- nm_setting_vpn_add_data_item (s_vpn, key, NM_OPENSWAN_PW_TYPE_SAVE); ++ data_val = NM_OPENSWAN_PW_TYPE_SAVE; + break; + case PW_TYPE_UNUSED: +- nm_setting_vpn_add_data_item (s_vpn, key, NM_OPENSWAN_PW_TYPE_UNUSED); ++ data_val = NM_OPENSWAN_PW_TYPE_UNUSED; ++ flags |= NM_SETTING_SECRET_FLAG_NOT_REQUIRED; + break; + case PW_TYPE_ASK: + default: + pw_type = PW_TYPE_ASK; +- nm_setting_vpn_add_data_item (s_vpn, key, NM_OPENSWAN_PW_TYPE_ASK); ++ data_val = NM_OPENSWAN_PW_TYPE_ASK; ++ flags |= NM_SETTING_SECRET_FLAG_NOT_SAVED; + break; + } + ++ nm_setting_vpn_add_data_item (s_vpn, key, data_val); ++ nm_setting_set_secret_flags (NM_SETTING (s_vpn), key, flags, NULL); + return pw_type; + } + +@@ -580,22 +603,17 @@ update_connection (NMVpnPluginUiWidgetIn + upw_type = handle_one_pw_type (s_vpn, priv->xml, "user_pass_type_combo", NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES); + gpw_type = handle_one_pw_type (s_vpn, priv->xml, "group_pass_type_combo", NM_OPENSWAN_PSK_INPUT_MODES); + +- /* System secrets get stored in the connection, user secrets are saved +- * via the save_secrets() hook. +- */ +- if (nm_connection_get_scope (connection) == NM_CONNECTION_SCOPE_SYSTEM) { +- /* User password */ +- widget = glade_xml_get_widget (priv->xml, "user_password_entry"); +- str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); +- if (str && strlen (str) && (upw_type != PW_TYPE_UNUSED)) +- nm_setting_vpn_add_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD, str); +- +- /* Group password */ +- widget = glade_xml_get_widget (priv->xml, "group_password_entry"); +- str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); +- if (str && strlen (str) && (gpw_type != PW_TYPE_UNUSED)) +- nm_setting_vpn_add_secret (s_vpn, NM_OPENSWAN_PSK_VALUE, str); +- } ++ /* User password */ ++ widget = glade_xml_get_widget (priv->xml, "user_password_entry"); ++ str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); ++ if (str && strlen (str) && (upw_type != PW_TYPE_UNUSED)) ++ nm_setting_vpn_add_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD, str); ++ ++ /* Group password */ ++ widget = glade_xml_get_widget (priv->xml, "group_password_entry"); ++ str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); ++ if (str && strlen (str) && (gpw_type != PW_TYPE_UNUSED)) ++ nm_setting_vpn_add_secret (s_vpn, NM_OPENSWAN_PSK_VALUE, str); + + nm_connection_add_setting (connection, NM_SETTING (s_vpn)); + return TRUE; +@@ -642,24 +660,36 @@ save_secrets (NMVpnPluginUiWidgetInterfa + OpenswanPluginUiWidget *self = OPENSWAN_PLUGIN_UI_WIDGET (iface); + OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); + NMSettingConnection *s_con; ++ NMSettingVPN *s_vpn; + const char *id, *uuid; ++ NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE; + + s_con = (NMSettingConnection *) nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION); +- if (!s_con) { ++ s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN); ++ if (!s_con || !s_vpn) { + g_set_error (error, + OPENSWAN_PLUGIN_UI_ERROR, + OPENSWAN_PLUGIN_UI_ERROR_INVALID_CONNECTION, +- "missing 'connection' setting"); ++ "missing connection or VPN settings"); + return FALSE; + } + + id = nm_setting_connection_get_id (s_con); + uuid = nm_setting_connection_get_uuid (s_con); + +- save_one_password (priv->xml, OPENSWAN_USER_PASSWORD, uuid, id, +- "user_password_entry", "user_pass_type_combo", "user password"); +- save_one_password (priv->xml, OPENSWAN_GROUP_PASSWORD, uuid, id, +- "group_password_entry", "group_pass_type_combo", "group password"); ++ if (nm_setting_get_secret_flags (NM_SETTING (s_vpn), NM_OPENSWAN_XAUTH_PASSWORD, &secret_flags, NULL)) { ++ if (secret_flags & NM_SETTING_SECRET_FLAG_AGENT_OWNED) { ++ save_one_password (priv->xml, OPENSWAN_USER_PASSWORD, uuid, id, ++ "user_password_entry", "user_pass_type_combo", "user password"); ++ } ++ } ++ ++ if (nm_setting_get_secret_flags (NM_SETTING (s_vpn), NM_OPENSWAN_PSK_VALUE, &secret_flags, NULL)) { ++ if (secret_flags & NM_SETTING_SECRET_FLAG_AGENT_OWNED) { ++ save_one_password (priv->xml, OPENSWAN_GROUP_PASSWORD, uuid, id, ++ "group_password_entry", "group_pass_type_combo", "group password"); ++ } ++ } + + return TRUE; + } +diff -up NetworkManager-openswan-0.8/src/nm-openswan-service.c.nm09 NetworkManager-openswan-0.8/src/nm-openswan-service.c +--- NetworkManager-openswan-0.8/src/nm-openswan-service.c.nm09 2011-03-27 17:50:42.579208216 -0700 ++++ NetworkManager-openswan-0.8/src/nm-openswan-service.c 2011-03-27 17:59:44.777429804 -0700 +@@ -204,14 +204,14 @@ openswan_watch_cb_auto (GPid pid, gint s + if (WIFEXITED (status)) { + error = WEXITSTATUS (status); + if (error != 0) +- nm_warning ("openswan: ipsec auto exited with error code %d", error); ++ g_warning ("openswan: ipsec auto exited with error code %d", error); + } + else if (WIFSTOPPED (status)) +- nm_warning ("openswan: ipsec auto stopped unexpectedly with signal %d", WSTOPSIG (status)); ++ g_warning ("openswan: ipsec auto stopped unexpectedly with signal %d", WSTOPSIG (status)); + else if (WIFSIGNALED (status)) +- nm_warning ("openswan: ipsec auto died with signal %d", WTERMSIG (status)); ++ g_warning ("openswan: ipsec auto died with signal %d", WTERMSIG (status)); + else +- nm_warning ("openswan: ipsec auto died from an unknown cause"); ++ g_warning ("openswan: ipsec auto died from an unknown cause"); + + /* Reap child if needed. */ + //waitpid (priv->pid_auto, NULL, WNOHANG); +@@ -274,12 +274,12 @@ nm_openswan_start_openswan_binary (NMOPE + if (!g_spawn_async (NULL, (char **) openswan_argv->pdata, NULL, + 0, NULL, NULL, &pid, error)) { + g_ptr_array_free (openswan_argv, TRUE); +- nm_warning ("openswan ipsec failed to start. error: '%s'", (*error)->message); ++ g_warning ("openswan ipsec failed to start. error: '%s'", (*error)->message); + return -1; + } + g_ptr_array_free (openswan_argv, TRUE); + +- nm_info ("openswan: ipsec started with pid %d", pid); ++ g_message ("openswan: ipsec started with pid %d", pid); + + NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid = pid; + openswan_watch = g_child_watch_source_new (pid); +@@ -307,12 +307,12 @@ nm_openswan_start_openswan_binary (NMOPE + NULL, NULL, error)) { + + g_ptr_array_free (openswan_argv, TRUE); +- nm_warning ("openswan: ipsec auto failed to start. error: '%s'", (*error)->message); ++ g_warning ("openswan: ipsec auto failed to start. error: '%s'", (*error)->message); + return -1; + } + g_ptr_array_free (openswan_argv, TRUE); + +- nm_info ("openswan: ipsec auto started with pid %d", pid_auto); ++ g_message ("openswan: ipsec auto started with pid %d", pid_auto); + + /*NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto; + openswan_watch = g_child_watch_source_new (pid_auto); +@@ -362,14 +362,14 @@ nm_openswan_start_openswan_connection (N + NULL, NULL, error)) { + + g_ptr_array_free (openswan_argv, TRUE); +- nm_warning ("openswan: ipsec auto connection failed to start. error: '%s'", (*error)->message); ++ g_warning ("openswan: ipsec auto connection failed to start. error: '%s'", (*error)->message); + return -1; + } + g_ptr_array_free (openswan_argv, TRUE); + + sleep(3); + +- nm_info ("openswan: ipsec auto connection started with pid %d", pid); ++ g_message ("openswan: ipsec auto connection started with pid %d", pid); + + return stdin_fd; + } +@@ -384,7 +384,7 @@ write_config_option (int fd, const char + string = g_strdup_vprintf (format, args); + + if ( write (fd, string, strlen (string)) == -1) { +- nm_warning ("nm-openswan: error in write_config_option"); ++ g_warning ("nm-openswan: error in write_config_option"); + } + + g_free (string); +@@ -497,7 +497,7 @@ write_one_property (const char *key, con + /* ignored */ + } else { + /* Just ignore unknown properties */ +- nm_warning ("Don't know how to write property '%s' with type %s", ++ g_warning ("Don't know how to write property '%s' with type %s", + (char *) key, g_type_name (type)); + } + } +@@ -784,7 +784,7 @@ real_disconnect (NMVPNPlugin *plugin, + if (!g_spawn_async (NULL, (char **) openswan_argv->pdata, NULL, + 0, NULL, NULL, NULL, error)) { + g_ptr_array_free (openswan_argv, TRUE); +- nm_warning ("Openswan (pluto) failed to stop. error: '%s'", (*error)->message); ++ g_warning ("Openswan (pluto) failed to stop. error: '%s'", (*error)->message); + return -1; + } + g_ptr_array_free (openswan_argv, TRUE); +diff -up NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c.nm09 NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c +--- NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c.nm09 2011-03-27 17:50:51.747093599 -0700 ++++ NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c 2011-03-27 17:59:44.779429780 -0700 +@@ -48,7 +48,7 @@ helper_failed (DBusGConnection *connecti + DBusGProxy *proxy; + GError *err = NULL; + +- nm_warning ("nm-openswan-service-helper did not receive a valid %s from openswan", reason); ++ g_warning ("nm-openswan-service-helper did not receive a valid %s from openswan", reason); + + proxy = dbus_g_proxy_new_for_name (connection, + NM_DBUS_SERVICE_OPENSWAN, +@@ -61,7 +61,7 @@ helper_failed (DBusGConnection *connecti + G_TYPE_INVALID); + + if (err) { +- nm_warning ("Could not send failure information: %s", err->message); ++ g_warning ("Could not send failure information: %s", err->message); + g_error_free (err); + } + +@@ -88,7 +88,7 @@ send_ip4_config (DBusGConnection *connec + G_TYPE_INVALID); + + if (err) { +- nm_warning ("Could not send IPv4 configuration: %s", err->message); ++ g_warning ("Could not send IPv4 configuration: %s", err->message); + g_error_free (err); + } + +@@ -221,7 +221,7 @@ main (int argc, char *argv[]) + + connection = dbus_g_bus_get (DBUS_BUS_SYSTEM, &err); + if (!connection) { +- nm_warning ("Could not get the system bus: %s", err->message); ++ g_warning ("Could not get the system bus: %s", err->message); + exit (1); + } + +@@ -299,7 +299,7 @@ main (int argc, char *argv[]) + errno = 0; + mtu = strtol (tmp, NULL, 10); + if (errno || mtu < 0 || mtu > 20000) { +- nm_warning ("Ignoring invalid tunnel MTU '%s'", tmp); ++ g_warning ("Ignoring invalid tunnel MTU '%s'", tmp); + mtu = 1412; + } + } From 1da30d365936badefaa8ca428aee593cc9ba2efd Mon Sep 17 00:00:00 2001 From: Dan Williams Date: Wed, 4 May 2011 00:19:07 -0500 Subject: [PATCH 13/37] Update to 0.8.999 (0.9-rc2) --- NetworkManager-openswan.spec | 39 +-- compile-errors.patch | 86 ------ nm-616910.patch | 306 ------------------ nm-changes.patch | 14 - nm-secret-whack.patch | 580 ----------------------------------- nm09.patch | 359 ---------------------- sources | 2 +- 7 files changed, 16 insertions(+), 1370 deletions(-) delete mode 100644 compile-errors.patch delete mode 100644 nm-616910.patch delete mode 100644 nm-changes.patch delete mode 100644 nm-secret-whack.patch delete mode 100644 nm09.patch diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index a22cba2..df8a149 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -1,35 +1,27 @@ %define openswan_version 2.6.27-1 -%define snapshot .20100411git -%define realversion 0.8 +%define snapshot %{nil} +%define realversion 0.8.999 Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan -Version: 0.8.0 -Release: 9%{snapshot}%{?dist} +Version: 0.8.999 +Release: 1%{snapshot}%{?dist} License: GPLv2+ Group: System Environment/Base -URL: http://people.redhat.com/avagarwa/files/NetworkManager-openswan/ +URL: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.8/ # To get source, either download from the above url, or follow these commands # Check out NetworkManager-openswan # "cd" to specfic fedora release # run "make test-srpm" -Source0: http://people.redhat.com/avagarwa/files/%{name}/%{name}-%{realversion}.tar.gz +Source0: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.8/%{name}-%{realversion}.tar.bz2 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) -Patch1: nm-secret-whack.patch -Patch2: nm-616910.patch -Patch3: nm-changes.patch -Patch4: compile-errors.patch -Patch5: nm09.patch - -BuildRequires: gtk2-devel -#BuildRequires: dbus-devel -#BuildRequires: NetworkManager-devel +BuildRequires: gtk3-devel +BuildRequires: dbus-devel +BuildRequires: NetworkManager-devel BuildRequires: NetworkManager-glib-devel -BuildRequires: GConf2-devel BuildRequires: gnome-keyring-devel -BuildRequires: libglade2-devel BuildRequires: intltool gettext Requires: NetworkManager @@ -43,12 +35,6 @@ with NetworkManager and the GNOME desktop %prep %setup -q -n NetworkManager-openswan-%{realversion} -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -b .nm09 - %build %configure --disable-static --enable-more-warnings=yes make %{?_smp_mflags} @@ -77,10 +63,15 @@ rm -rf $RPM_BUILD_ROOT %{_sysconfdir}/NetworkManager/VPN/nm-openswan-service.name %{_libexecdir}/nm-openswan-service %{_libexecdir}/nm-openswan-service-helper -%{_datadir}/gnome-vpn-properties/openswan/nm-openswan-dialog.glade +%{_datadir}/gnome-vpn-properties/openswan/nm-openswan-dialog.ui %dir %{_datadir}/gnome-vpn-properties/openswan %changelog +* Tue May 03 2011 Dan Williams - 0.8.999-1 +- Update to 0.8.999 (0.9-rc2) +- Port to GTK 3.0 and GtkBuilder +- Fix some issues with secrets storage + * Sun Mar 27 2011 Christopher Aillon - 0.8.0-9.20100411git - Rebuild against NetworkManager 0.9 diff --git a/compile-errors.patch b/compile-errors.patch deleted file mode 100644 index 6c9b750..0000000 --- a/compile-errors.patch +++ /dev/null @@ -1,86 +0,0 @@ -diff -urNp NetworkManager-openswan-0.8-cvs-patched/auth-dialog/main.c NetworkManager-openswan-0.8-current/auth-dialog/main.c ---- NetworkManager-openswan-0.8-cvs-patched/auth-dialog/main.c 2011-02-15 10:56:52.192317259 -0500 -+++ NetworkManager-openswan-0.8-current/auth-dialog/main.c 2011-02-16 12:27:03.016111821 -0500 -@@ -284,7 +284,6 @@ main (int argc, char *argv[]) - char *password = NULL, *group_password = NULL; - char *upw_type = NULL, *gpw_type = NULL; - char buf[1]; -- int ret; - GError *error = NULL; - GOptionContext *context; - GOptionEntry entries[] = { -@@ -357,6 +356,9 @@ main (int argc, char *argv[]) - fflush (stdout); - - /* wait for data on stdin */ -- ret = fread (buf, sizeof (char), sizeof (buf), stdin); -+ if (fread (buf, sizeof (char), sizeof (buf), stdin) < sizeof(buf) && ferror(stdin)) { -+ fprintf(stderr,"error occured when reading from stdin in main.c in auth-dialog"); -+ } -+ - return 0; - } -diff -urNp NetworkManager-openswan-0.8-cvs-patched/properties/nm-openswan.c NetworkManager-openswan-0.8-current/properties/nm-openswan.c ---- NetworkManager-openswan-0.8-cvs-patched/properties/nm-openswan.c 2011-02-15 10:57:24.704317823 -0500 -+++ NetworkManager-openswan-0.8-current/properties/nm-openswan.c 2011-02-16 12:27:47.200862374 -0500 -@@ -261,7 +261,6 @@ pw_type_changed_helper (OpenswanPluginUi - OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); - const char *entry = NULL; - GtkWidget *widget; -- GtkTreeModel *model; - - /* If the user chose "Not required", desensitize and clear the correct - * password entry. -@@ -280,7 +279,6 @@ pw_type_changed_helper (OpenswanPluginUi - widget = glade_xml_get_widget (priv->xml, entry); - g_assert (widget); - -- model = gtk_combo_box_get_model (GTK_COMBO_BOX (combo)); - switch (gtk_combo_box_get_active (GTK_COMBO_BOX (combo))) { - case PW_TYPE_ASK: - case PW_TYPE_UNUSED: -@@ -488,11 +487,9 @@ static guint32 - handle_one_pw_type (NMSettingVPN *s_vpn, GladeXML *xml, const char *name, const char *key) - { - GtkWidget *widget; -- GtkTreeModel *model; - guint32 pw_type; - - widget = glade_xml_get_widget (xml, name); -- model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); - - pw_type = gtk_combo_box_get_active (GTK_COMBO_BOX (widget)); - switch (pw_type) { -@@ -617,12 +615,10 @@ save_one_password (GladeXML *xml, - GnomeKeyringResult ret; - GtkWidget *widget; - const char *password; -- GtkTreeModel *model; - gboolean saved = FALSE; - - widget = glade_xml_get_widget (xml, combo); - g_assert (widget); -- model = gtk_combo_box_get_model (GTK_COMBO_BOX (widget)); - if (gtk_combo_box_get_active (GTK_COMBO_BOX (widget)) == PW_TYPE_SAVE) { - widget = glade_xml_get_widget (xml, entry); - g_assert (widget); -diff -urNp NetworkManager-openswan-0.8-cvs-patched/src/nm-openswan-service.c NetworkManager-openswan-0.8-current/src/nm-openswan-service.c ---- NetworkManager-openswan-0.8-cvs-patched/src/nm-openswan-service.c 2011-02-15 10:57:21.422336210 -0500 -+++ NetworkManager-openswan-0.8-current/src/nm-openswan-service.c 2011-02-16 12:32:50.003111577 -0500 -@@ -379,11 +379,14 @@ write_config_option (int fd, const char - { - char * string; - va_list args; -- int x; - - va_start (args, format); - string = g_strdup_vprintf (format, args); -- x = write (fd, string, strlen (string)); -+ -+ if ( write (fd, string, strlen (string)) == -1) { -+ nm_warning ("nm-openswan: error in write_config_option"); -+ } -+ - g_free (string); - va_end (args); - } diff --git a/nm-616910.patch b/nm-616910.patch deleted file mode 100644 index 25dc0dc..0000000 --- a/nm-616910.patch +++ /dev/null @@ -1,306 +0,0 @@ -diff -urNp NetworkManager-openswan-0.8-cvs-patched/properties/nm-openswan.c NetworkManager-openswan-0.8/properties/nm-openswan.c ---- NetworkManager-openswan-0.8-cvs-patched/properties/nm-openswan.c 2010-07-21 15:41:07.674107915 -0400 -+++ NetworkManager-openswan-0.8/properties/nm-openswan.c 2010-07-21 16:55:34.597114628 -0400 -@@ -416,6 +416,28 @@ init_plugin_ui (OpenswanPluginUiWidget * - } - g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); - -+ /* Phase 1 Algorithms: IKE*/ -+ widget = glade_xml_get_widget (priv->xml, "phase1_entry"); -+ g_return_val_if_fail (widget != NULL, FALSE); -+ gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); -+ if (s_vpn) { -+ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_IKE); -+ if (value && strlen (value)) -+ gtk_entry_set_text (GTK_ENTRY (widget), value); -+ } -+ g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); -+ -+ /* Phase 2 Algorithms: ESP*/ -+ widget = glade_xml_get_widget (priv->xml, "phase2_entry"); -+ g_return_val_if_fail (widget != NULL, FALSE); -+ gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); -+ if (s_vpn) { -+ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_ESP); -+ if (value && strlen (value)) -+ gtk_entry_set_text (GTK_ENTRY (widget), value); -+ } -+ g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); -+ - widget = glade_xml_get_widget (priv->xml, "domain_entry"); - g_return_val_if_fail (widget != NULL, FALSE); - gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget)); -@@ -520,11 +542,25 @@ update_connection (NMVpnPluginUiWidgetIn - if (str && strlen (str)) - nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_LEFTID, str); - -+ /* User name*/ - widget = glade_xml_get_widget (priv->xml, "user_entry"); - str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); - if (str && strlen (str)) - nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_LEFTXAUTHUSER, str); -+ -+ /* Phase 1 Algorithms: ike */ -+ widget = glade_xml_get_widget (priv->xml, "phase1_entry"); -+ str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); -+ if (str && strlen (str)) -+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_IKE, str); -+ -+ /* Phase 2 Algorithms: esp */ -+ widget = glade_xml_get_widget (priv->xml, "phase2_entry"); -+ str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); -+ if (str && strlen (str)) -+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_ESP, str); - -+ /* Domain entry */ - widget = glade_xml_get_widget (priv->xml, "domain_entry"); - str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); - if (str && strlen (str)) -diff -urNp NetworkManager-openswan-0.8-cvs-patched/properties/nm-openswan-dialog.glade NetworkManager-openswan-0.8/properties/nm-openswan-dialog.glade ---- NetworkManager-openswan-0.8-cvs-patched/properties/nm-openswan-dialog.glade 2010-07-21 15:41:07.659354607 -0400 -+++ NetworkManager-openswan-0.8/properties/nm-openswan-dialog.glade 2010-07-21 16:22:37.191355919 -0400 -@@ -233,77 +233,120 @@ - True - 12 - -- -+ - True -- 5 -- 2 -- 6 -- 6 - -- -+ - True -- 0 -- User name: -+ 4 -+ 2 -+ 6 -+ 6 -+ -+ -+ True -+ 0 -+ User name: -+ -+ -+ GTK_FILL -+ -+ -+ -+ -+ -+ True -+ True -+ -+ -+ -+ 1 -+ 2 -+ -+ -+ -+ -+ -+ True -+ 0 -+ Phase1 Algorithms: -+ -+ -+ 1 -+ 2 -+ GTK_FILL -+ -+ -+ -+ -+ -+ True -+ True -+ -+ -+ -+ 1 -+ 2 -+ 1 -+ 2 -+ -+ -+ -+ -+ -+ True -+ 0 -+ Phase2 Algorithms: -+ -+ -+ 2 -+ 3 -+ GTK_FILL -+ -+ -+ -+ -+ -+ True -+ True -+ -+ -+ -+ 1 -+ 2 -+ 2 -+ 3 -+ -+ -+ -+ -+ -+ True -+ 0 -+ Domain: -+ -+ -+ 3 -+ 4 -+ GTK_FILL -+ -+ -+ -+ -+ -+ True -+ True -+ -+ -+ -+ 1 -+ 2 -+ 3 -+ 4 -+ -+ -+ - -- -- GTK_FILL -- -- -- -- -- -- True -- True -- -- -- 1 -- 2 -- -- -- -- -- -- True -- 0 -- Domain: -- -- -- 1 -- 2 -- GTK_FILL -- -- -- -- -- -- True -- True -- -- -- 1 -- 2 -- 1 -- 2 -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- - - - -diff -urNp NetworkManager-openswan-0.8-cvs-patched/src/nm-openswan-service.c NetworkManager-openswan-0.8/src/nm-openswan-service.c ---- NetworkManager-openswan-0.8-cvs-patched/src/nm-openswan-service.c 2010-07-21 15:41:07.774135961 -0400 -+++ NetworkManager-openswan-0.8/src/nm-openswan-service.c 2010-07-21 17:22:01.650106623 -0400 -@@ -69,6 +69,8 @@ static ValidProperty valid_properties[] - { NM_OPENSWAN_DHGROUP, G_TYPE_STRING, 0, 0 }, - { NM_OPENSWAN_PFSGROUP, G_TYPE_STRING, 0, 0 }, - { NM_OPENSWAN_DPDTIMEOUT, G_TYPE_INT, 0, 86400 }, -+ { NM_OPENSWAN_IKE, G_TYPE_STRING, 0, 0 }, -+ { NM_OPENSWAN_ESP, G_TYPE_STRING, 0, 0 }, - /* Ignored option for internal use */ - { NM_OPENSWAN_PSK_INPUT_MODES, G_TYPE_NONE, 0, 0 }, - { NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES, G_TYPE_NONE, 0, 0 }, -@@ -505,6 +507,8 @@ nm_openswan_config_write (gint openswan_ - const char *props_username; - //const char *props_natt_mode; - const char *default_username; -+ const char *phase1_alg_str; -+ const char *phase2_alg_str; - //const char *pw_type; - gint fdtmp1=-1; - //gint conf_fd=-1; -@@ -535,8 +539,23 @@ nm_openswan_config_write (gint openswan_ - write_config_option (fdtmp1, " remote_peer_type=cisco\n"); - write_config_option (fdtmp1, " rightxauthserver=yes\n"); - write_config_option (fdtmp1, " rightmodecfgserver=yes\n"); -+ -+ phase1_alg_str = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_IKE); -+ if(!phase1_alg_str || !strlen (phase1_alg_str)) { - write_config_option (fdtmp1, " ike=aes-sha1\n"); -+ } -+ else { -+ write_config_option (fdtmp1, " ike=%s\n", phase1_alg_str); -+ } -+ -+ phase2_alg_str = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_ESP); -+ if(!phase2_alg_str || !strlen (phase2_alg_str)) { - write_config_option (fdtmp1, " esp=aes-sha1;modp1024\n"); -+ } -+ else { -+ write_config_option (fdtmp1, " esp=%s\n", phase2_alg_str); -+ } -+ - write_config_option (fdtmp1, " nm_configured=yes\n"); - //write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH); - write_config_option (fdtmp1, " auto=add\n"); -diff -urNp NetworkManager-openswan-0.8-cvs-patched/src/nm-openswan-service.h NetworkManager-openswan-0.8/src/nm-openswan-service.h ---- NetworkManager-openswan-0.8-cvs-patched/src/nm-openswan-service.h 2010-07-21 15:41:07.775128199 -0400 -+++ NetworkManager-openswan-0.8/src/nm-openswan-service.h 2010-07-21 17:19:29.930120077 -0400 -@@ -47,6 +47,8 @@ - #define NM_OPENSWAN_DHGROUP "dhgroup" - #define NM_OPENSWAN_PFSGROUP "pfsgroup" - #define NM_OPENSWAN_DPDTIMEOUT "dpdtimeout" -+#define NM_OPENSWAN_IKE "ike" -+#define NM_OPENSWAN_ESP "esp" - - #define NM_OPENSWAN_PW_TYPE_SAVE "save" - #define NM_OPENSWAN_PW_TYPE_ASK "ask" diff --git a/nm-changes.patch b/nm-changes.patch deleted file mode 100644 index d23a241..0000000 --- a/nm-changes.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -urNp NetworkManager-openswan-0.8-cvs-patched/properties/nm-openswan.c NetworkManager-openswan-0.8-current/properties/nm-openswan.c ---- NetworkManager-openswan-0.8-cvs-patched/properties/nm-openswan.c 2010-09-07 14:21:00.719407075 -0400 -+++ NetworkManager-openswan-0.8-current/properties/nm-openswan.c 2010-09-07 14:51:04.925157229 -0400 -@@ -850,8 +850,8 @@ openswan_plugin_ui_interface_init (NMVpn - /* interface implementation */ - iface_class->ui_factory = ui_factory; - iface_class->get_capabilities = get_capabilities; -- iface_class->import = NULL; -- iface_class->export = NULL; -+ iface_class->import_from_file = NULL; -+ iface_class->export_to_file = NULL; - iface_class->get_suggested_name = NULL; - iface_class->delete_connection = delete_connection; - } diff --git a/nm-secret-whack.patch b/nm-secret-whack.patch deleted file mode 100644 index c6cecb7..0000000 --- a/nm-secret-whack.patch +++ /dev/null @@ -1,580 +0,0 @@ -diff -urNp NetworkManager-openswan-0.8-orig/properties/nm-openswan.c NetworkManager-openswan-0.8/properties/nm-openswan.c ---- NetworkManager-openswan-0.8-orig/properties/nm-openswan.c 2010-06-04 17:50:13.000000000 -0400 -+++ NetworkManager-openswan-0.8/properties/nm-openswan.c 2010-07-08 12:15:43.376302841 -0400 -@@ -426,7 +426,7 @@ init_plugin_ui (OpenswanPluginUiWidget * - } - g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); - -- widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton"); -+ /*widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton"); - g_return_val_if_fail (widget != NULL, FALSE); - if (s_vpn) { - value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT); -@@ -442,7 +442,7 @@ init_plugin_ui (OpenswanPluginUiWidget * - gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); - } - } -- g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self); -+ g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self);*/ - - widget = glade_xml_get_widget (priv->xml, "show_passwords_checkbutton"); - g_return_val_if_fail (widget != NULL, FALSE); -@@ -530,20 +530,20 @@ update_connection (NMVpnPluginUiWidgetIn - if (str && strlen (str)) - nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DOMAIN, str); - -- widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton"); -- if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) { -- nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, "0"); -- } else { -+ //widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton"); -+ //if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) { -+ // nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, "0"); -+ //} else { - /* If DPD was disabled and now the user wishes to enable it, just - * don't pass the DPD_IDLE_TIMEOUT option to openswan and thus use the - * default DPD idle time. Otherwise keep the original DPD idle timeout. - */ -- if (priv->orig_dpd_timeout >= 10) { -- char *tmp = g_strdup_printf ("%d", priv->orig_dpd_timeout); -- nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, tmp); -- g_free (tmp); -- } -- } -+ // if (priv->orig_dpd_timeout >= 10) { -+ // char *tmp = g_strdup_printf ("%d", priv->orig_dpd_timeout); -+ // nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, tmp); -+ // g_free (tmp); -+ // } -+ //} - - upw_type = handle_one_pw_type (s_vpn, priv->xml, "user_pass_type_combo", NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES); - gpw_type = handle_one_pw_type (s_vpn, priv->xml, "group_pass_type_combo", NM_OPENSWAN_PSK_INPUT_MODES); -diff -urNp NetworkManager-openswan-0.8-orig/properties/nm-openswan-dialog.glade NetworkManager-openswan-0.8/properties/nm-openswan-dialog.glade ---- NetworkManager-openswan-0.8-orig/properties/nm-openswan-dialog.glade 2010-06-04 17:50:13.000000000 -0400 -+++ NetworkManager-openswan-0.8/properties/nm-openswan-dialog.glade 2010-07-08 12:20:07.277052416 -0400 -@@ -1,7 +1,7 @@ -- -- -- -+ - -+ -+ - - window1 - -@@ -23,6 +23,7 @@ - - False - False -+ 0 - - - -@@ -37,18 +38,6 @@ - 6 - 6 - -- -- -- -- -- -- -- -- -- -- -- -- - - True - -@@ -74,10 +63,10 @@ - - - -+ Show passwords - True - True -- Show passwords -- 0 -+ False - True - - -@@ -197,6 +186,18 @@ - - - -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ - - - -@@ -207,6 +208,7 @@ - - - False -+ 0 - - - -@@ -223,6 +225,7 @@ - - False - False -+ 0 - - - -@@ -237,47 +240,6 @@ - 6 - 6 - -- -- -- -- -- True -- True -- Disable Dead Peer Detection -- 0 -- True -- -- -- 1 -- 2 -- 4 -- 5 -- -- -- -- -- True -- -- -- -- 1 -- 2 -- 2 -- 3 -- -- -- -- -- True -- 0 -- Encryption method: -- -- -- 2 -- 3 -- -- -- - - True - 0 -@@ -326,27 +288,22 @@ - - - -- -- True -- 0 -- NAT traversal: -- -- -- 3 -- 4 -- -+ - - -- -- True -- -- -- -- 1 -- 2 -- 3 -- 4 -- -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ - - - -diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkManager-openswan-0.8/src/nm-openswan-service.c ---- NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c 2010-06-04 17:50:13.000000000 -0400 -+++ NetworkManager-openswan-0.8/src/nm-openswan-service.c 2010-07-13 18:19:05.137333584 -0400 -@@ -212,12 +212,32 @@ openswan_watch_cb_auto (GPid pid, gint s - nm_warning ("openswan: ipsec auto died from an unknown cause"); - - /* Reap child if needed. */ -- waitpid (priv->pid_auto, NULL, WNOHANG); -- priv->pid_auto = 0; -+ //waitpid (priv->pid_auto, NULL, WNOHANG); -+ //priv->pid_auto = 0; -+ -+ waitpid (priv->pid, NULL, WNOHANG); -+ priv->pid = 0; -+ -+ /* Must be after data->state is set since signals use data->state */ -+ switch (error) { -+ case 2: -+ /* Couldn't log in due to bad user/pass */ -+ nm_vpn_plugin_failure (NM_VPN_PLUGIN (plugin), NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED); -+ break; -+ case 1: -+ /* Other error (couldn't bind to address, etc) */ -+ nm_vpn_plugin_failure (NM_VPN_PLUGIN (plugin), NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED); -+ break; -+ default: -+ break; -+ } -+ -+ nm_vpn_plugin_set_state (NM_VPN_PLUGIN (plugin), NM_VPN_SERVICE_STATE_STOPPED); - } - - - static gint -+//nm_openswan_start_openswan_binary (NMSettingVPN *s_vpn, NMOPENSWANPlugin *plugin, GError **error) - nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) - { - GPid pid, pid_auto; -@@ -257,14 +277,27 @@ nm_openswan_start_openswan_binary (NMOPE - } - g_ptr_array_free (openswan_argv, TRUE); - -+ nm_info ("openswan: ipsec started with pid %d", pid); -+ -+ NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid = pid; -+ openswan_watch = g_child_watch_source_new (pid); -+ g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL); -+ g_source_attach (openswan_watch, NULL); -+ g_source_unref (openswan_watch); -+ - sleep(2); - -- /*ipsec auto --up */ - openswan_argv = g_ptr_array_new (); - g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary)); - g_ptr_array_add (openswan_argv, (gpointer) "auto"); -- g_ptr_array_add (openswan_argv, (gpointer) "--up"); -+ g_ptr_array_add (openswan_argv, (gpointer) "--add"); -+ g_ptr_array_add (openswan_argv, (gpointer) "--config"); -+ g_ptr_array_add (openswan_argv, (gpointer) "-"); -+ //g_ptr_array_add (openswan_argv, (gpointer) "--up"); -+ //g_ptr_array_add (openswan_argv, (gpointer) "--name"); - g_ptr_array_add (openswan_argv, (gpointer) "nm-conn1"); -+ //g_ptr_array_add (openswan_argv, (gpointer) "--xauthpass"); -+ //g_ptr_array_add (openswan_argv, (gpointer) nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); - g_ptr_array_add (openswan_argv, NULL); - - if (!g_spawn_async_with_pipes (NULL, (char **) openswan_argv->pdata, NULL, -@@ -277,13 +310,64 @@ nm_openswan_start_openswan_binary (NMOPE - } - g_ptr_array_free (openswan_argv, TRUE); - -- nm_info ("openswan: ipsec auto started with pid %d", pid_auto); -+ nm_info ("openswan: ipsec auto started with pid %d", pid_auto); - -- NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto; -- openswan_watch = g_child_watch_source_new (pid_auto); -- g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL); -- g_source_attach (openswan_watch, NULL); -- g_source_unref (openswan_watch); -+ /*NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto; -+ openswan_watch = g_child_watch_source_new (pid_auto); -+ g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL); -+ g_source_attach (openswan_watch, NULL); -+ g_source_unref (openswan_watch);*/ -+ -+ return stdin_fd; -+} -+ -+ -+ -+static gint -+nm_openswan_start_openswan_connection (NMOPENSWANPlugin *plugin, GError **error) -+{ -+ GPid pid; -+ const char **openswan_binary = NULL; -+ GPtrArray *openswan_argv; -+ gint stdin_fd; -+ -+ /* Find openswan ipsec */ -+ openswan_binary = openswan_binary_paths; -+ while (*openswan_binary != NULL) { -+ if (g_file_test (*openswan_binary, G_FILE_TEST_EXISTS)) -+ break; -+ openswan_binary++; -+ } -+ -+ if (!*openswan_binary) { -+ g_set_error (error, -+ NM_VPN_PLUGIN_ERROR, -+ NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, -+ "%s", -+ "Could not find openswan binary."); -+ return -1; -+ } -+ -+ openswan_argv = g_ptr_array_new (); -+ g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary)); -+ g_ptr_array_add (openswan_argv, (gpointer) "auto"); -+ g_ptr_array_add (openswan_argv, (gpointer) "--up"); -+ g_ptr_array_add (openswan_argv, (gpointer) "nm-conn1"); -+ g_ptr_array_add (openswan_argv, NULL); -+ -+ if (!g_spawn_async_with_pipes (NULL, (char **) openswan_argv->pdata, NULL, -+ G_SPAWN_DO_NOT_REAP_CHILD, NULL, NULL, &pid, &stdin_fd, -+ NULL, NULL, error)) { -+ -+ g_ptr_array_free (openswan_argv, TRUE); -+ nm_warning ("openswan: ipsec auto connection failed to start. error: '%s'", (*error)->message); -+ return -1; -+ } -+ g_ptr_array_free (openswan_argv, TRUE); -+ -+ sleep(3); -+ -+ nm_info ("openswan: ipsec auto connection started with pid %d", pid); - - return stdin_fd; - } -@@ -318,8 +402,8 @@ write_one_property (const char *key, con - WriteConfigInfo *info = (WriteConfigInfo *) user_data; - GType type = G_TYPE_INVALID; - int i; -- const char *default_username; -- const char *props_username; -+ //const char *default_username; -+ //const char *props_username; - const char *leftid; - - if (info->error) -@@ -365,11 +449,11 @@ write_one_property (const char *key, con - //write_config_option (info->fd, "%s %s\n", (char *) key, (char *) value); - - if (!strcmp (key, NM_OPENSWAN_PSK_VALUE)) { -- leftid=nm_setting_vpn_get_data_item (info->s_vpn, NM_OPENSWAN_LEFTID); -+ leftid=nm_setting_vpn_get_data_item (info->s_vpn, NM_OPENSWAN_LEFTID); - write_config_option (info->secret_fd, "@%s: PSK \"%s\"\n", leftid, (char *) value); - } - -- if (!strcmp (key, NM_OPENSWAN_XAUTH_PASSWORD)) { -+ /*if (!strcmp (key, NM_OPENSWAN_XAUTH_PASSWORD)) { - default_username = nm_setting_vpn_get_user_name (info->s_vpn); - props_username = nm_setting_vpn_get_data_item (info->s_vpn, NM_OPENSWAN_LEFTXAUTHUSER); - if ( default_username && strlen (default_username) -@@ -378,7 +462,7 @@ write_one_property (const char *key, con - } else { - write_config_option (info->secret_fd, "@%s : XAUTH \"%s\"\n", props_username, (char *) value); - } -- } -+ }*/ - - } else if (type == G_TYPE_BOOLEAN) { - if (!strcmp (value, "yes")) { -@@ -414,22 +498,22 @@ write_one_property (const char *key, con - } - - static gboolean --nm_openswan_config_write (NMSettingVPN *s_vpn, -+nm_openswan_config_write (gint openswan_fd, NMSettingVPN *s_vpn, - GError **error) - { - WriteConfigInfo *info; - const char *props_username; - //const char *props_natt_mode; - const char *default_username; -- const char *pw_type; -+ //const char *pw_type; - gint fdtmp1=-1; -- gint conf_fd=-1; -- gint secret_fd=-1; -+ //gint conf_fd=-1; -+ //gint secret_fd=-1; - -- conf_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.conf", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); -- secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); -+ //conf_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.conf", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); -+ //secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); - -- fdtmp1 = conf_fd; -+ fdtmp1 = openswan_fd; - if(fdtmp1 != -1) { - write_config_option (fdtmp1, "conn nm-conn1\n"); - write_config_option (fdtmp1, " aggrmode=yes\n"); -@@ -454,8 +538,10 @@ nm_openswan_config_write (NMSettingVPN * - write_config_option (fdtmp1, " ike=aes-sha1\n"); - write_config_option (fdtmp1, " esp=aes-sha1;modp1024\n"); - write_config_option (fdtmp1, " nm_configured=yes\n"); -- //write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH); -+ //write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH); - write_config_option (fdtmp1, " auto=add\n"); -+ //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_VPN_SETTING_NAME)); -+ //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_NAME)); - } - - //default_username = nm_setting_vpn_get_user_name (s_vpn); -@@ -472,7 +558,49 @@ nm_openswan_config_write (NMSettingVPN * - - info = g_malloc0 (sizeof (WriteConfigInfo)); - //info->fd = openswan_fd; -- info->conf_fd = conf_fd; -+ //info->conf_fd = conf_fd; -+ info->conf_fd = openswan_fd; -+ //info->secret_fd = secret_fd; -+ info->s_vpn = s_vpn; -+ -+ /* Check for ignored user password */ -+ /*pw_type = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES); -+ if (pw_type && !strcmp (pw_type, NM_OPENSWAN_PW_TYPE_UNUSED)) -+ info->upw_ignored = TRUE;*/ -+ -+ /* Check for ignored group password */ -+ /*pw_type = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_PSK_INPUT_MODES); -+ if (pw_type && !strcmp (pw_type, NM_OPENSWAN_PW_TYPE_UNUSED)) -+ info->gpw_ignored = TRUE;*/ -+ -+ nm_setting_vpn_foreach_data_item (s_vpn, write_one_property, info); -+ //nm_setting_vpn_foreach_secret (s_vpn, write_one_property, info); -+ *error = info->error; -+ //close(conf_fd); -+ close(openswan_fd); -+ sleep(3); -+ //close(secret_fd); -+ g_free (info); -+ -+ return *error ? FALSE : TRUE; -+} -+ -+ -+static gboolean -+nm_openswan_config_secret_write (NMSettingVPN *s_vpn, -+ GError **error) -+{ -+ WriteConfigInfo *info; -+ //const char *props_username; -+ //const char *default_username; -+ const char *pw_type; -+ //gint fdtmp1=-1; -+ //gint conf_fd=-1; -+ gint secret_fd=-1; -+ -+ secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); -+ -+ info = g_malloc0 (sizeof (WriteConfigInfo)); - info->secret_fd = secret_fd; - info->s_vpn = s_vpn; - -@@ -486,16 +614,15 @@ nm_openswan_config_write (NMSettingVPN * - if (pw_type && !strcmp (pw_type, NM_OPENSWAN_PW_TYPE_UNUSED)) - info->gpw_ignored = TRUE; - -- nm_setting_vpn_foreach_data_item (s_vpn, write_one_property, info); - nm_setting_vpn_foreach_secret (s_vpn, write_one_property, info); - *error = info->error; -- close(conf_fd); - close(secret_fd); - g_free (info); - - return *error ? FALSE : TRUE; - } - -+ - static gboolean - real_connect (NMVPNPlugin *plugin, - NMConnection *connection, -@@ -514,13 +641,31 @@ real_connect (NMVPNPlugin *plugin, - if (!nm_openswan_secrets_validate (s_vpn, error)) - goto out; - -- if (!nm_openswan_config_write (s_vpn, error)) -- goto out; -+ if (!nm_openswan_config_secret_write (s_vpn, error)) -+ goto out; - - openswan_fd = nm_openswan_start_openswan_binary (NM_OPENSWAN_PLUGIN (plugin), error); - if (openswan_fd < 0) - goto out; - -+ if (!nm_openswan_config_write (openswan_fd, s_vpn, error)) { -+ goto out; -+ } -+ else { -+ /*no error*/ -+ openswan_fd=-1; -+ } -+ -+ unlink("/etc/ipsec.d/ipsec-nm-conn1.secrets"); -+ -+ openswan_fd = nm_openswan_start_openswan_connection (NM_OPENSWAN_PLUGIN (plugin), error); -+ if (openswan_fd < 0) -+ goto out; -+ -+ write_config_option (openswan_fd, "%s", nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); -+ close(openswan_fd); -+ openswan_fd=-1; -+ - success = TRUE; - - out: -@@ -622,6 +767,9 @@ real_disconnect (NMVPNPlugin *plugin, - } - g_ptr_array_free (openswan_argv, TRUE); - -+ //unlink("/etc/ipsec.d/ipsec-nm-conn1.conf"); -+ //unlink("/etc/ipsec.d/ipsec-nm-conn1.secrets"); -+ - return TRUE; - } - -diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service-helper.c NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c ---- NetworkManager-openswan-0.8-orig/src/nm-openswan-service-helper.c 2010-06-04 17:50:13.000000000 -0400 -+++ NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c 2010-07-06 15:10:51.737035482 -0400 -@@ -195,7 +195,7 @@ addr_list_to_gvalue (const char *str) - * PLUTO_MY_SOURCEIP -- address - * PLUTO_CISCO_DNS_INFO -- list of dns serverss - * PLUTO_CISCO_DOMAIN_INFO -- default domain name -- * PLUTO_SERVERBANNER -- banner from server -+ * PLUTO_PEER_BANNER -- banner from server - * - */ - int -@@ -288,7 +288,7 @@ main (int argc, char *argv[]) - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DOMAIN, val); - - /* Banner */ -- val = str_to_gvalue (getenv ("PLUTO_SERVERBANNER"), TRUE); -+ val = str_to_gvalue (getenv ("PLUTO_PEER_BANNER"), TRUE); - if (val) - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_BANNER, val); - diff --git a/nm09.patch b/nm09.patch deleted file mode 100644 index f969463..0000000 --- a/nm09.patch +++ /dev/null @@ -1,359 +0,0 @@ -diff -up NetworkManager-openswan-0.8/properties/nm-openswan.c.nm09 NetworkManager-openswan-0.8/properties/nm-openswan.c ---- NetworkManager-openswan-0.8/properties/nm-openswan.c.nm09 2011-03-27 17:51:22.426710054 -0700 -+++ NetworkManager-openswan-0.8/properties/nm-openswan.c 2011-03-27 17:58:58.457008890 -0700 -@@ -170,43 +170,41 @@ fill_vpn_passwords (OpenswanPluginUiWidg - char *password = NULL; - char *group_password = NULL; - -- /* Grab secrets from the keyring */ -+ /* Grab secrets from the connection or the keyring */ - if (connection) { - NMSettingConnection *s_con; - NMSettingVPN *s_vpn; -+ NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE; - const char *tmp; - -+ s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); -+ - s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN); -+ if (s_vpn) { -+ tmp = nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD); -+ if (tmp) -+ password = gnome_keyring_memory_strdup (tmp); -+ -+ tmp = nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_PSK_VALUE); -+ if (tmp) -+ group_password = gnome_keyring_memory_strdup (tmp); -+ } - -- if (nm_connection_get_scope (connection) == NM_CONNECTION_SCOPE_SYSTEM) { -- if (s_vpn) { -- tmp = nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD); -- if (tmp) -- password = gnome_keyring_memory_strdup (tmp); -- -- tmp = nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_PSK_VALUE); -- if (tmp) -- group_password = gnome_keyring_memory_strdup (tmp); -- } -- } else { -- s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); -- -- /* Lookup passwords in the keyring, and if they weren't there, try -- * the connection itself, which is where they'd be right after import. -- */ -+ nm_setting_get_secret_flags (NM_SETTING (s_vpn), OPENSWAN_USER_PASSWORD, &secret_flags, NULL); -+ if (!password && (secret_flags & NM_SETTING_SECRET_FLAG_AGENT_OWNED)) { - keyring_helpers_get_one_secret (nm_setting_connection_get_uuid (s_con), -- OPENSWAN_USER_PASSWORD, -- &password, -- NULL); -- if (!password) -- password = gnome_keyring_memory_strdup (nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); -+ OPENSWAN_USER_PASSWORD, -+ &password, -+ NULL); -+ } - -+ secret_flags = NM_SETTING_SECRET_FLAG_NONE; -+ nm_setting_get_secret_flags (NM_SETTING (s_vpn), OPENSWAN_GROUP_PASSWORD, &secret_flags, NULL); -+ if (!group_password && (secret_flags & NM_SETTING_SECRET_FLAG_AGENT_OWNED)) { - keyring_helpers_get_one_secret (nm_setting_connection_get_uuid (s_con), - OPENSWAN_GROUP_PASSWORD, - &group_password, - NULL); -- if (!group_password) -- group_password = gnome_keyring_memory_strdup (nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_PSK_VALUE)); - } - } - -@@ -300,6 +298,20 @@ pw_type_combo_changed_cb (GtkWidget *com - stuff_changed_cb (combo, self); - } - -+static const char * -+secret_flags_to_pw_type (NMSettingVPN *s_vpn, const char *key) -+{ -+ NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE; -+ -+ if (nm_setting_get_secret_flags (NM_SETTING (s_vpn), key, &flags, NULL)) { -+ if (flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED) -+ return NM_OPENSWAN_PW_TYPE_UNUSED; -+ if (flags & NM_SETTING_SECRET_FLAG_NOT_SAVED) -+ return NM_OPENSWAN_PW_TYPE_ASK; -+ } -+ return NM_OPENSWAN_PW_TYPE_SAVE; -+} -+ - static void - init_one_pw_combo (OpenswanPluginUiWidget *self, - NMSettingVPN *s_vpn, -@@ -330,6 +342,8 @@ init_one_pw_combo (OpenswanPluginUiWidge - store = gtk_list_store_new (1, G_TYPE_STRING); - if (s_vpn) - value = nm_setting_vpn_get_data_item (s_vpn, key); -+ if (!value) -+ value = secret_flags_to_pw_type (s_vpn, key); - - gtk_list_store_append (store, &iter); - gtk_list_store_set (store, &iter, 0, _("Saved"), -1); -@@ -485,26 +499,35 @@ get_widget (NMVpnPluginUiWidgetInterface - static guint32 - handle_one_pw_type (NMSettingVPN *s_vpn, GladeXML *xml, const char *name, const char *key) - { -+ NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE; - GtkWidget *widget; - guint32 pw_type; -+ const char *data_val = NULL; - - widget = glade_xml_get_widget (xml, name); - -+ nm_setting_get_secret_flags (NM_SETTING (s_vpn), key, &flags, NULL); -+ flags &= ~(NM_SETTING_SECRET_FLAG_NOT_SAVED | NM_SETTING_SECRET_FLAG_NOT_REQUIRED); -+ - pw_type = gtk_combo_box_get_active (GTK_COMBO_BOX (widget)); - switch (pw_type) { - case PW_TYPE_SAVE: -- nm_setting_vpn_add_data_item (s_vpn, key, NM_OPENSWAN_PW_TYPE_SAVE); -+ data_val = NM_OPENSWAN_PW_TYPE_SAVE; - break; - case PW_TYPE_UNUSED: -- nm_setting_vpn_add_data_item (s_vpn, key, NM_OPENSWAN_PW_TYPE_UNUSED); -+ data_val = NM_OPENSWAN_PW_TYPE_UNUSED; -+ flags |= NM_SETTING_SECRET_FLAG_NOT_REQUIRED; - break; - case PW_TYPE_ASK: - default: - pw_type = PW_TYPE_ASK; -- nm_setting_vpn_add_data_item (s_vpn, key, NM_OPENSWAN_PW_TYPE_ASK); -+ data_val = NM_OPENSWAN_PW_TYPE_ASK; -+ flags |= NM_SETTING_SECRET_FLAG_NOT_SAVED; - break; - } - -+ nm_setting_vpn_add_data_item (s_vpn, key, data_val); -+ nm_setting_set_secret_flags (NM_SETTING (s_vpn), key, flags, NULL); - return pw_type; - } - -@@ -580,22 +603,17 @@ update_connection (NMVpnPluginUiWidgetIn - upw_type = handle_one_pw_type (s_vpn, priv->xml, "user_pass_type_combo", NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES); - gpw_type = handle_one_pw_type (s_vpn, priv->xml, "group_pass_type_combo", NM_OPENSWAN_PSK_INPUT_MODES); - -- /* System secrets get stored in the connection, user secrets are saved -- * via the save_secrets() hook. -- */ -- if (nm_connection_get_scope (connection) == NM_CONNECTION_SCOPE_SYSTEM) { -- /* User password */ -- widget = glade_xml_get_widget (priv->xml, "user_password_entry"); -- str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); -- if (str && strlen (str) && (upw_type != PW_TYPE_UNUSED)) -- nm_setting_vpn_add_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD, str); -- -- /* Group password */ -- widget = glade_xml_get_widget (priv->xml, "group_password_entry"); -- str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); -- if (str && strlen (str) && (gpw_type != PW_TYPE_UNUSED)) -- nm_setting_vpn_add_secret (s_vpn, NM_OPENSWAN_PSK_VALUE, str); -- } -+ /* User password */ -+ widget = glade_xml_get_widget (priv->xml, "user_password_entry"); -+ str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); -+ if (str && strlen (str) && (upw_type != PW_TYPE_UNUSED)) -+ nm_setting_vpn_add_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD, str); -+ -+ /* Group password */ -+ widget = glade_xml_get_widget (priv->xml, "group_password_entry"); -+ str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); -+ if (str && strlen (str) && (gpw_type != PW_TYPE_UNUSED)) -+ nm_setting_vpn_add_secret (s_vpn, NM_OPENSWAN_PSK_VALUE, str); - - nm_connection_add_setting (connection, NM_SETTING (s_vpn)); - return TRUE; -@@ -642,24 +660,36 @@ save_secrets (NMVpnPluginUiWidgetInterfa - OpenswanPluginUiWidget *self = OPENSWAN_PLUGIN_UI_WIDGET (iface); - OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); - NMSettingConnection *s_con; -+ NMSettingVPN *s_vpn; - const char *id, *uuid; -+ NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE; - - s_con = (NMSettingConnection *) nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION); -- if (!s_con) { -+ s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN); -+ if (!s_con || !s_vpn) { - g_set_error (error, - OPENSWAN_PLUGIN_UI_ERROR, - OPENSWAN_PLUGIN_UI_ERROR_INVALID_CONNECTION, -- "missing 'connection' setting"); -+ "missing connection or VPN settings"); - return FALSE; - } - - id = nm_setting_connection_get_id (s_con); - uuid = nm_setting_connection_get_uuid (s_con); - -- save_one_password (priv->xml, OPENSWAN_USER_PASSWORD, uuid, id, -- "user_password_entry", "user_pass_type_combo", "user password"); -- save_one_password (priv->xml, OPENSWAN_GROUP_PASSWORD, uuid, id, -- "group_password_entry", "group_pass_type_combo", "group password"); -+ if (nm_setting_get_secret_flags (NM_SETTING (s_vpn), NM_OPENSWAN_XAUTH_PASSWORD, &secret_flags, NULL)) { -+ if (secret_flags & NM_SETTING_SECRET_FLAG_AGENT_OWNED) { -+ save_one_password (priv->xml, OPENSWAN_USER_PASSWORD, uuid, id, -+ "user_password_entry", "user_pass_type_combo", "user password"); -+ } -+ } -+ -+ if (nm_setting_get_secret_flags (NM_SETTING (s_vpn), NM_OPENSWAN_PSK_VALUE, &secret_flags, NULL)) { -+ if (secret_flags & NM_SETTING_SECRET_FLAG_AGENT_OWNED) { -+ save_one_password (priv->xml, OPENSWAN_GROUP_PASSWORD, uuid, id, -+ "group_password_entry", "group_pass_type_combo", "group password"); -+ } -+ } - - return TRUE; - } -diff -up NetworkManager-openswan-0.8/src/nm-openswan-service.c.nm09 NetworkManager-openswan-0.8/src/nm-openswan-service.c ---- NetworkManager-openswan-0.8/src/nm-openswan-service.c.nm09 2011-03-27 17:50:42.579208216 -0700 -+++ NetworkManager-openswan-0.8/src/nm-openswan-service.c 2011-03-27 17:59:44.777429804 -0700 -@@ -204,14 +204,14 @@ openswan_watch_cb_auto (GPid pid, gint s - if (WIFEXITED (status)) { - error = WEXITSTATUS (status); - if (error != 0) -- nm_warning ("openswan: ipsec auto exited with error code %d", error); -+ g_warning ("openswan: ipsec auto exited with error code %d", error); - } - else if (WIFSTOPPED (status)) -- nm_warning ("openswan: ipsec auto stopped unexpectedly with signal %d", WSTOPSIG (status)); -+ g_warning ("openswan: ipsec auto stopped unexpectedly with signal %d", WSTOPSIG (status)); - else if (WIFSIGNALED (status)) -- nm_warning ("openswan: ipsec auto died with signal %d", WTERMSIG (status)); -+ g_warning ("openswan: ipsec auto died with signal %d", WTERMSIG (status)); - else -- nm_warning ("openswan: ipsec auto died from an unknown cause"); -+ g_warning ("openswan: ipsec auto died from an unknown cause"); - - /* Reap child if needed. */ - //waitpid (priv->pid_auto, NULL, WNOHANG); -@@ -274,12 +274,12 @@ nm_openswan_start_openswan_binary (NMOPE - if (!g_spawn_async (NULL, (char **) openswan_argv->pdata, NULL, - 0, NULL, NULL, &pid, error)) { - g_ptr_array_free (openswan_argv, TRUE); -- nm_warning ("openswan ipsec failed to start. error: '%s'", (*error)->message); -+ g_warning ("openswan ipsec failed to start. error: '%s'", (*error)->message); - return -1; - } - g_ptr_array_free (openswan_argv, TRUE); - -- nm_info ("openswan: ipsec started with pid %d", pid); -+ g_message ("openswan: ipsec started with pid %d", pid); - - NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid = pid; - openswan_watch = g_child_watch_source_new (pid); -@@ -307,12 +307,12 @@ nm_openswan_start_openswan_binary (NMOPE - NULL, NULL, error)) { - - g_ptr_array_free (openswan_argv, TRUE); -- nm_warning ("openswan: ipsec auto failed to start. error: '%s'", (*error)->message); -+ g_warning ("openswan: ipsec auto failed to start. error: '%s'", (*error)->message); - return -1; - } - g_ptr_array_free (openswan_argv, TRUE); - -- nm_info ("openswan: ipsec auto started with pid %d", pid_auto); -+ g_message ("openswan: ipsec auto started with pid %d", pid_auto); - - /*NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto; - openswan_watch = g_child_watch_source_new (pid_auto); -@@ -362,14 +362,14 @@ nm_openswan_start_openswan_connection (N - NULL, NULL, error)) { - - g_ptr_array_free (openswan_argv, TRUE); -- nm_warning ("openswan: ipsec auto connection failed to start. error: '%s'", (*error)->message); -+ g_warning ("openswan: ipsec auto connection failed to start. error: '%s'", (*error)->message); - return -1; - } - g_ptr_array_free (openswan_argv, TRUE); - - sleep(3); - -- nm_info ("openswan: ipsec auto connection started with pid %d", pid); -+ g_message ("openswan: ipsec auto connection started with pid %d", pid); - - return stdin_fd; - } -@@ -384,7 +384,7 @@ write_config_option (int fd, const char - string = g_strdup_vprintf (format, args); - - if ( write (fd, string, strlen (string)) == -1) { -- nm_warning ("nm-openswan: error in write_config_option"); -+ g_warning ("nm-openswan: error in write_config_option"); - } - - g_free (string); -@@ -497,7 +497,7 @@ write_one_property (const char *key, con - /* ignored */ - } else { - /* Just ignore unknown properties */ -- nm_warning ("Don't know how to write property '%s' with type %s", -+ g_warning ("Don't know how to write property '%s' with type %s", - (char *) key, g_type_name (type)); - } - } -@@ -784,7 +784,7 @@ real_disconnect (NMVPNPlugin *plugin, - if (!g_spawn_async (NULL, (char **) openswan_argv->pdata, NULL, - 0, NULL, NULL, NULL, error)) { - g_ptr_array_free (openswan_argv, TRUE); -- nm_warning ("Openswan (pluto) failed to stop. error: '%s'", (*error)->message); -+ g_warning ("Openswan (pluto) failed to stop. error: '%s'", (*error)->message); - return -1; - } - g_ptr_array_free (openswan_argv, TRUE); -diff -up NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c.nm09 NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c ---- NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c.nm09 2011-03-27 17:50:51.747093599 -0700 -+++ NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c 2011-03-27 17:59:44.779429780 -0700 -@@ -48,7 +48,7 @@ helper_failed (DBusGConnection *connecti - DBusGProxy *proxy; - GError *err = NULL; - -- nm_warning ("nm-openswan-service-helper did not receive a valid %s from openswan", reason); -+ g_warning ("nm-openswan-service-helper did not receive a valid %s from openswan", reason); - - proxy = dbus_g_proxy_new_for_name (connection, - NM_DBUS_SERVICE_OPENSWAN, -@@ -61,7 +61,7 @@ helper_failed (DBusGConnection *connecti - G_TYPE_INVALID); - - if (err) { -- nm_warning ("Could not send failure information: %s", err->message); -+ g_warning ("Could not send failure information: %s", err->message); - g_error_free (err); - } - -@@ -88,7 +88,7 @@ send_ip4_config (DBusGConnection *connec - G_TYPE_INVALID); - - if (err) { -- nm_warning ("Could not send IPv4 configuration: %s", err->message); -+ g_warning ("Could not send IPv4 configuration: %s", err->message); - g_error_free (err); - } - -@@ -221,7 +221,7 @@ main (int argc, char *argv[]) - - connection = dbus_g_bus_get (DBUS_BUS_SYSTEM, &err); - if (!connection) { -- nm_warning ("Could not get the system bus: %s", err->message); -+ g_warning ("Could not get the system bus: %s", err->message); - exit (1); - } - -@@ -299,7 +299,7 @@ main (int argc, char *argv[]) - errno = 0; - mtu = strtol (tmp, NULL, 10); - if (errno || mtu < 0 || mtu > 20000) { -- nm_warning ("Ignoring invalid tunnel MTU '%s'", tmp); -+ g_warning ("Ignoring invalid tunnel MTU '%s'", tmp); - mtu = 1412; - } - } diff --git a/sources b/sources index bb77056..5200be9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -8e44ef5492e5f5937dcb4a1a620d461b NetworkManager-openswan-0.8.tar.gz +d90c3539293d82febfe4f85d8f2bc5ff NetworkManager-openswan-0.8.999.tar.bz2 From 804e03524aa593bbe87cf4bbea447d7b243b973f Mon Sep 17 00:00:00 2001 From: Dan Williams Date: Thu, 21 Jul 2011 10:38:02 -0500 Subject: [PATCH 14/37] Update to git snapshot --- NetworkManager-openswan.spec | 10 +++++++--- sources | 2 +- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index df8a149..139df3c 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -1,12 +1,12 @@ %define openswan_version 2.6.27-1 -%define snapshot %{nil} +%define snapshot .git20110721 %define realversion 0.8.999 Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan Version: 0.8.999 -Release: 1%{snapshot}%{?dist} +Release: 2%{snapshot}%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.8/ @@ -14,7 +14,7 @@ URL: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.8/ # Check out NetworkManager-openswan # "cd" to specfic fedora release # run "make test-srpm" -Source0: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.8/%{name}-%{realversion}.tar.bz2 +Source0: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.8/%{name}-%{realversion}%{snapshot}.tar.bz2 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildRequires: gtk3-devel @@ -67,6 +67,10 @@ rm -rf $RPM_BUILD_ROOT %dir %{_datadir}/gnome-vpn-properties/openswan %changelog +* Thu Jul 21 2011 Dan Williams - 0.8.999-2.git20110721 +- Update to git snapshot +- Fixes for secrets handling and saving + * Tue May 03 2011 Dan Williams - 0.8.999-1 - Update to 0.8.999 (0.9-rc2) - Port to GTK 3.0 and GtkBuilder diff --git a/sources b/sources index 5200be9..0246e54 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -d90c3539293d82febfe4f85d8f2bc5ff NetworkManager-openswan-0.8.999.tar.bz2 +2c594da843f904317e36a05c5df1dd42 NetworkManager-openswan-0.8.999.git20110721.tar.bz2 From 7ca8c7c5d2b1c520a20e6870936bc4ae2913f4f7 Mon Sep 17 00:00:00 2001 From: Dan Williams Date: Fri, 26 Aug 2011 14:15:45 -0500 Subject: [PATCH 15/37] Update to 0.9.0 --- NetworkManager-openswan.spec | 12 ++++++++---- sources | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index 139df3c..f68d062 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -1,12 +1,12 @@ %define openswan_version 2.6.27-1 -%define snapshot .git20110721 -%define realversion 0.8.999 +%define snapshot %{nil} +%define realversion 0.9.0 Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan -Version: 0.8.999 -Release: 2%{snapshot}%{?dist} +Version: 0.9.0 +Release: 1%{snapshot}%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.8/ @@ -67,6 +67,10 @@ rm -rf $RPM_BUILD_ROOT %dir %{_datadir}/gnome-vpn-properties/openswan %changelog +* Fri Aug 26 2011 Dan Williams - 0.9.0-1 +- Update to 0.9.0 +- ui: translation fixes + * Thu Jul 21 2011 Dan Williams - 0.8.999-2.git20110721 - Update to git snapshot - Fixes for secrets handling and saving diff --git a/sources b/sources index 0246e54..9020027 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -2c594da843f904317e36a05c5df1dd42 NetworkManager-openswan-0.8.999.git20110721.tar.bz2 +34c4f8eb06c03a79560de9e617ae8a3f NetworkManager-openswan-0.9.0.tar.bz2 From 1fd805d41d625de507741f185e99ee52a875dd02 Mon Sep 17 00:00:00 2001 From: Adam Jackson Date: Tue, 6 Dec 2011 00:31:52 -0500 Subject: [PATCH 16/37] Rebuild for new libpng --- NetworkManager-openswan.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index f68d062..8d4d107 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -6,7 +6,7 @@ Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan Version: 0.9.0 -Release: 1%{snapshot}%{?dist} +Release: 2%{snapshot}%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.8/ @@ -67,6 +67,9 @@ rm -rf $RPM_BUILD_ROOT %dir %{_datadir}/gnome-vpn-properties/openswan %changelog +* Tue Dec 06 2011 Adam Jackson - 0.9.0-2 +- Rebuild for new libpng + * Fri Aug 26 2011 Dan Williams - 0.9.0-1 - Update to 0.9.0 - ui: translation fixes From dfa60e20b9605e58ad7547ad5c8148c59a634a9b Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Thu, 12 Jan 2012 14:26:10 -0600 Subject: [PATCH 17/37] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild --- NetworkManager-openswan.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index 8d4d107..b570c0b 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -6,7 +6,7 @@ Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan Version: 0.9.0 -Release: 2%{snapshot}%{?dist} +Release: 3%{snapshot}%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.8/ @@ -67,6 +67,9 @@ rm -rf $RPM_BUILD_ROOT %dir %{_datadir}/gnome-vpn-properties/openswan %changelog +* Thu Jan 12 2012 Fedora Release Engineering - 0.9.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + * Tue Dec 06 2011 Adam Jackson - 0.9.0-2 - Rebuild for new libpng From 82256ced6d40ae5ebc66ba2569bad96b2a424d3c Mon Sep 17 00:00:00 2001 From: Dan Williams Date: Fri, 2 Mar 2012 17:35:40 -0600 Subject: [PATCH 18/37] Update to 0.9.3.995 (0.9.4-beta1) --- NetworkManager-openswan.spec | 31 ++++++++++++++++++------------- sources | 2 +- 2 files changed, 19 insertions(+), 14 deletions(-) diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index b570c0b..b93a6f4 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -1,30 +1,31 @@ +%define nm_version 1:0.9.2 %define openswan_version 2.6.27-1 -%define snapshot %{nil} -%define realversion 0.9.0 +%define snapshot .git20120302 +%define realversion 0.9.3.995 Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan -Version: 0.9.0 -Release: 3%{snapshot}%{?dist} +Version: 0.9.3.995 +Release: 1%{snapshot}%{?dist} License: GPLv2+ Group: System Environment/Base -URL: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.8/ -# To get source, either download from the above url, or follow these commands -# Check out NetworkManager-openswan -# "cd" to specfic fedora release -# run "make test-srpm" -Source0: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.8/%{name}-%{realversion}%{snapshot}.tar.bz2 +URL: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.9/ +Source0: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.9/%{name}-%{realversion}%{snapshot}.tar.bz2 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildRequires: gtk3-devel BuildRequires: dbus-devel -BuildRequires: NetworkManager-devel -BuildRequires: NetworkManager-glib-devel +BuildRequires: NetworkManager-devel >= %{nm_version} +BuildRequires: NetworkManager-glib-devel >= %{nm_version} +%if 0%{?fedora} > 16 +BuildRequires: libgnome-keyring-devel +%else BuildRequires: gnome-keyring-devel +%endif BuildRequires: intltool gettext -Requires: NetworkManager +Requires: NetworkManager >= %{nm_version} Requires: gnome-keyring Requires: openswan >= %{openswan_version} @@ -67,6 +68,10 @@ rm -rf $RPM_BUILD_ROOT %dir %{_datadir}/gnome-vpn-properties/openswan %changelog +* Fri Mar 2 2012 Dan Williams - 0.9.3.995-1 +- Update to 0.9.3.995 (0.9.4-beta1) +- ui: add support for external UI mode, eg GNOME Shell + * Thu Jan 12 2012 Fedora Release Engineering - 0.9.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild diff --git a/sources b/sources index 9020027..c728c43 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -34c4f8eb06c03a79560de9e617ae8a3f NetworkManager-openswan-0.9.0.tar.bz2 +0a7393fc3bc9e7c3ca48a4f0a352c4fe NetworkManager-openswan-0.9.3.995.git20120302.tar.bz2 From 19b38e63449738af5a19642d9a9950dc5d6412a4 Mon Sep 17 00:00:00 2001 From: Avesh Agarwal Date: Fri, 27 Apr 2012 15:38:03 -0400 Subject: [PATCH 19/37] Ported rhel changes to fedora. --- NetworkManager-openswan.spec | 9 +- nm-openswan-changes.patch | 871 +++++++++++++++++++++++++++++++++++ 2 files changed, 879 insertions(+), 1 deletion(-) create mode 100644 nm-openswan-changes.patch diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index b93a6f4..6c8c06a 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -7,13 +7,15 @@ Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan Version: 0.9.3.995 -Release: 1%{snapshot}%{?dist} +Release: 2%{snapshot}%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.9/ Source0: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.9/%{name}-%{realversion}%{snapshot}.tar.bz2 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) +Patch1: nm-openswan-changes.patch + BuildRequires: gtk3-devel BuildRequires: dbus-devel BuildRequires: NetworkManager-devel >= %{nm_version} @@ -36,6 +38,8 @@ with NetworkManager and the GNOME desktop %prep %setup -q -n NetworkManager-openswan-%{realversion} +%patch1 -p1 + %build %configure --disable-static --enable-more-warnings=yes make %{?_smp_mflags} @@ -68,6 +72,9 @@ rm -rf $RPM_BUILD_ROOT %dir %{_datadir}/gnome-vpn-properties/openswan %changelog +* Fri Apr 27 2012 Avesh Agarwal - 0.9.3.995-2 +- Ported changes from rhel to fedora + * Fri Mar 2 2012 Dan Williams - 0.9.3.995-1 - Update to 0.9.3.995 (0.9.4-beta1) - ui: add support for external UI mode, eg GNOME Shell diff --git a/nm-openswan-changes.patch b/nm-openswan-changes.patch new file mode 100644 index 0000000..32cc7e0 --- /dev/null +++ b/nm-openswan-changes.patch @@ -0,0 +1,871 @@ +diff -urNp NetworkManager-openswan-0.9.3.995-patched/properties/import-file.c NetworkManager-openswan-0.9.3.995-current/properties/import-file.c +--- NetworkManager-openswan-0.9.3.995-patched/properties/import-file.c 1969-12-31 19:00:00.000000000 -0500 ++++ NetworkManager-openswan-0.9.3.995-current/properties/import-file.c 2012-03-08 13:22:46.668803936 -0500 +@@ -0,0 +1,279 @@ ++/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */ ++/* NetworkManager -- Network link manager ++ * ++ * Copyright (C) 2012 Avesh Agarwal ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License along ++ * with this program; if not, write to the Free Software Foundation, Inc., ++ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * (C) Copyright 2005 - 2008 Red Hat, Inc. ++ * (C) Copyright 2007 - 2008 Novell, Inc. ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++ ++#include "import-file.h" ++ ++static void ++import_entry_free (importEntry *entry) ++{ ++ if (entry) { ++ g_free (entry->key); ++ g_free (entry->value); ++ g_free (entry); ++ } ++} ++ ++gboolean ++import_file_lookup_int (GHashTable *import_file, ++ const char *group, ++ const char *key, ++ gint *value) ++{ ++ const char *buf = NULL; ++ long int tmp; ++ ++ g_return_val_if_fail (import_file != NULL, FALSE); ++ g_return_val_if_fail (group != NULL, FALSE); ++ g_return_val_if_fail (key != NULL, FALSE); ++ g_return_val_if_fail (value != NULL, FALSE); ++ ++ *value = 0; ++ if (!import_file_lookup_string (import_file, group, key, &buf)) ++ return FALSE; ++ ++ errno = 0; ++ tmp = strtol (buf, NULL, 10); ++ if ((errno == 0) && (tmp > G_MININT) && (tmp < G_MAXINT)) { ++ *value = (gint) tmp; ++ return TRUE; ++ } ++ ++ return FALSE; ++} ++ ++ ++gboolean ++import_file_lookup_string (GHashTable *import_file, ++ const char *group, ++ const char *key, ++ const char **value) ++{ ++ importEntry *entry; ++ ++ g_return_val_if_fail (import_file != NULL, FALSE); ++ g_return_val_if_fail (group != NULL, FALSE); ++ g_return_val_if_fail (key != NULL, FALSE); ++ g_return_val_if_fail (value != NULL, FALSE); ++ ++ *value = NULL; ++ entry = import_file_lookup (import_file, group, key); ++ if (!entry || !entry->value || !strlen (entry->value)) ++ return FALSE; ++ ++ *value = entry->value; ++ return TRUE; ++} ++ ++importEntry * ++import_file_lookup (GHashTable *import_file, ++ const char *group, ++ const char *key) ++{ ++ gpointer section; ++ importEntry *entry = NULL; ++ char *group_lower = NULL; ++ char *key_lower = NULL; ++ ++ g_return_val_if_fail (import_file != NULL, NULL); ++ g_return_val_if_fail (group != NULL, NULL); ++ g_return_val_if_fail (key != NULL, NULL); ++ ++ group_lower = g_utf8_strdown (group, -1); ++ section = g_hash_table_lookup (import_file, group_lower); ++ if (section) { ++ key_lower = g_utf8_strdown (key, -1); ++ entry = (importEntry *) g_hash_table_lookup ((GHashTable *) section, key_lower); ++ } ++ ++ g_free (group_lower); ++ g_free (key_lower); ++ ++ return entry; ++} ++ ++gboolean ++import_file_lookup_bool (GHashTable *import_file, ++ const char *group, ++ const char *key, ++ gboolean *value) ++{ ++ const char *buf = NULL; ++ gboolean success = FALSE; ++ ++ g_return_val_if_fail (import_file != NULL, FALSE); ++ g_return_val_if_fail (group != NULL, FALSE); ++ g_return_val_if_fail (key != NULL, FALSE); ++ g_return_val_if_fail (value != NULL, FALSE); ++ ++ *value = FALSE; ++ if (!import_file_lookup_string (import_file, group, key, &buf)) ++ return FALSE; ++ ++ if (strlen (buf) == 1) { ++ if (strcmp (buf, "1") == 0) { ++ *value = TRUE; ++ success = TRUE; ++ } else if (strcmp (buf, "0") == 0) { ++ *value = FALSE; ++ success = TRUE; ++ } ++ } else { ++ if ( !strncasecmp (buf, "yes", 3) ++ || !strncasecmp (buf, "true", 4)) { ++ *value = TRUE; ++ success = TRUE; ++ } else if ( !strncasecmp (buf, "no", 2) ++ || !strncasecmp (buf, "false", 5)) { ++ *value = FALSE; ++ success = TRUE; ++ } ++ } ++ ++ return success; ++} ++ ++ ++GHashTable * ++import_file_load (const char *fname) ++{ ++ FILE *fo; ++ unsigned line; ++ GHashTable *import; ++ GHashTable *group = NULL; ++ importEntry *entry; ++ char *key; ++ ++ g_return_val_if_fail (fname != NULL, NULL); ++ ++ if (!(fo = fopen (fname, "r"))) { ++ g_warning ("Failed to open file '%s': %s", fname, strerror (errno)); ++ return NULL; ++ } ++ ++ import = g_hash_table_new_full (g_str_hash, g_str_equal, ++ g_free, ++ (GDestroyNotify) g_hash_table_destroy); ++ ++ line = 0; ++ while (!feof (fo)) { ++ char ln[1024]; /* 4x what we think to allow for possible UTF-8 conversion */ ++ char *s, *e; ++ ++ if (!(fgets (ln, sizeof (ln) / 4, fo))) ++ break; ++ ++ line++; ++ ++ if (!g_utf8_validate (ln, -1, NULL)) { ++ char *tmp; ++ GError *error = NULL; ++ ++ tmp = g_locale_to_utf8 (ln, -1, NULL, NULL, &error); ++ if (error) { ++ /* ignore the error; leave 'ln' alone. We tried. */ ++ g_error_free (error); ++ } else { ++ g_assert (tmp); ++ strcpy (ln, tmp); /* update ln with the UTF-8 safe text */ ++ } ++ g_free (tmp); ++ } ++ ++ s = ln + strspn (ln, " \t"); ++ s[strcspn (s, "\r\n")] = 0; ++ ++ /* Skip comments*/ ++ if (*s == '#') ++ continue; ++ ++ /* empty line means the connection definition finished*/ ++ if (*s == 0) ++ break; ++ ++ if ( (e = strstr(s, "conn"))) { ++ /* new group */ ++ ++ /* conn */ ++ /* here we go at the start of space character before */ ++ /* statement *(e++)=0 makes space a 0 and advances to the name or key value*/ ++ e += strlen("conn"); ++ group = g_hash_table_new_full (g_str_hash, g_str_equal, NULL, ++ (GDestroyNotify) import_entry_free); ++ ++ g_hash_table_insert (import, g_utf8_strdown ("conn", -1), group); ++ ++ } else { ++ /* Normal assignment */ ++ if (!(e = strchr (s, '='))) { ++ g_warning ("Missing assignment in %s:%u: <%s>", fname, line, s); ++ goto fail; ++ } ++ ++ if (!group) { ++ g_warning ("Assignment outside group in %s:%u <%s>", fname, line, s); ++ goto fail; ++ } ++ } ++ ++ /* Split the key and the value */ ++ *(e++) = 0; ++ ++ entry = g_new (importEntry, 1); ++ entry->value = g_strdup (g_strstrip (e)); ++ ++ if (*s == ' ') { ++ key = g_utf8_strdown (s+1, -1); ++ } else { ++ key = g_utf8_strdown (s, -1); ++ } ++ ++ entry->read_only = FALSE; ++ entry->key = g_strdup (g_strstrip (key)); ++ g_free (key); ++ g_hash_table_insert (group, entry->key, entry); ++ } ++ ++ /* Contains a main section? */ ++ if (!g_hash_table_lookup (import, "conn")) ++ goto fail; ++ ++ fclose (fo); ++ ++ return import; ++ ++fail: ++ ++ if (fo) ++ fclose (fo); ++ ++ if (import) ++ g_hash_table_destroy (import); ++ ++ return NULL; ++} +diff -urNp NetworkManager-openswan-0.9.3.995-patched/properties/import-file.h NetworkManager-openswan-0.9.3.995-current/properties/import-file.h +--- NetworkManager-openswan-0.9.3.995-patched/properties/import-file.h 1969-12-31 19:00:00.000000000 -0500 ++++ NetworkManager-openswan-0.9.3.995-current/properties/import-file.h 2012-03-08 13:22:46.679803934 -0500 +@@ -0,0 +1,58 @@ ++/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */ ++/* NetworkManager -- Network link manager ++ * ++ * Copyright (C) 2012 Avesh Agarwal ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License along ++ * with this program; if not, write to the Free Software Foundation, Inc., ++ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * (C) Copyright 2005 - 2008 Red Hat, Inc. ++ * (C) Copyright 2007 - 2008 Novell, Inc. ++ */ ++ ++#ifndef IMPORT_FILE_H ++#define IMPORT_FILE_H ++ ++#include ++ ++typedef struct importEntry importEntry; ++ ++struct importEntry { ++ char *key; ++ char *value; ++ gboolean read_only; ++}; ++ ++GHashTable *import_file_load (const char *fname); ++importEntry *import_file_lookup (GHashTable *import_file, ++ const char *group, ++ const char *key); ++ ++gboolean import_file_lookup_string (GHashTable *import_file, ++ const char *group, ++ const char *key, ++ const char **value); ++ ++gboolean import_file_lookup_bool (GHashTable *import_file, ++ const char *group, ++ const char *key, ++ gboolean *value); ++ ++gboolean import_file_lookup_int (GHashTable *import_file, ++ const char *group, ++ const char *key, ++ gint *value); ++ ++#endif /* IMPORT_FILE_H */ ++ +diff -urNp NetworkManager-openswan-0.9.3.995-patched/properties/Makefile.am NetworkManager-openswan-0.9.3.995-current/properties/Makefile.am +--- NetworkManager-openswan-0.9.3.995-patched/properties/Makefile.am 2012-03-08 13:19:14.504858594 -0500 ++++ NetworkManager-openswan-0.9.3.995-current/properties/Makefile.am 2012-03-08 13:20:10.987843635 -0500 +@@ -4,6 +4,8 @@ plugindir = $(libdir)/NetworkManager + plugin_LTLIBRARIES = libnm-openswan-properties.la + + libnm_openswan_properties_la_SOURCES = \ ++ import-file.c \ ++ import-file.h \ + nm-openswan.c \ + nm-openswan.h + +diff -urNp NetworkManager-openswan-0.9.3.995-patched/properties/Makefile.in NetworkManager-openswan-0.9.3.995-current/properties/Makefile.in +--- NetworkManager-openswan-0.9.3.995-patched/properties/Makefile.in 2012-03-08 13:19:14.504858594 -0500 ++++ NetworkManager-openswan-0.9.3.995-current/properties/Makefile.in 2012-03-08 13:24:53.908773055 -0500 +@@ -76,6 +76,7 @@ am__DEPENDENCIES_1 = + libnm_openswan_properties_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) + am_libnm_openswan_properties_la_OBJECTS = \ ++ libnm_openswan_properties_la-import-file.lo \ + libnm_openswan_properties_la-nm-openswan.lo + libnm_openswan_properties_la_OBJECTS = \ + $(am_libnm_openswan_properties_la_OBJECTS) +@@ -257,6 +258,8 @@ INCLUDES = -I${top_srcdir} + plugindir = $(libdir)/NetworkManager + plugin_LTLIBRARIES = libnm-openswan-properties.la + libnm_openswan_properties_la_SOURCES = \ ++ import-file.c \ ++ import-file.h \ + nm-openswan.c \ + nm-openswan.h + +@@ -356,6 +359,7 @@ mostlyclean-compile: + distclean-compile: + -rm -f *.tab.c + ++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libnm_openswan_properties_la-import-file.Plo@am__quote@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libnm_openswan_properties_la-nm-openswan.Plo@am__quote@ + + .c.o: +@@ -382,6 +386,13 @@ distclean-compile: + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ + @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + ++libnm_openswan_properties_la-import-file.lo: import-file.c ++@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libnm_openswan_properties_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libnm_openswan_properties_la-import-file.lo -MD -MP -MF $(DEPDIR)/libnm_openswan_properties_la-import-file.Tpo -c -o libnm_openswan_properties_la-import-file.lo `test -f 'import-file.c' || echo '$(srcdir)/'`import-file.c ++@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libnm_openswan_properties_la-import-file.Tpo $(DEPDIR)/libnm_openswan_properties_la-import-file.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='import-file.c' object='libnm_openswan_properties_la-import-file.lo' libtool=yes @AMDEPBACKSLASH@ ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ ++@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libnm_openswan_properties_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libnm_openswan_properties_la-import-file.lo `test -f 'import-file.c' || echo '$(srcdir)/'`import-file.c ++ + libnm_openswan_properties_la-nm-openswan.lo: nm-openswan.c + @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libnm_openswan_properties_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libnm_openswan_properties_la-nm-openswan.lo -MD -MP -MF $(DEPDIR)/libnm_openswan_properties_la-nm-openswan.Tpo -c -o libnm_openswan_properties_la-nm-openswan.lo `test -f 'nm-openswan.c' || echo '$(srcdir)/'`nm-openswan.c + @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libnm_openswan_properties_la-nm-openswan.Tpo $(DEPDIR)/libnm_openswan_properties_la-nm-openswan.Plo +diff -urNp NetworkManager-openswan-0.9.3.995-patched/properties/nm-openswan.c NetworkManager-openswan-0.9.3.995-current/properties/nm-openswan.c +--- NetworkManager-openswan-0.9.3.995-patched/properties/nm-openswan.c 2012-03-08 13:19:14.496858605 -0500 ++++ NetworkManager-openswan-0.9.3.995-current/properties/nm-openswan.c 2012-03-09 11:50:25.216469375 -0500 +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -43,6 +44,7 @@ + + #include "src/nm-openswan-service.h" + #include "nm-openswan.h" ++#include "import-file.h" + + #define OPENSWAN_PLUGIN_NAME _("IPsec based VPN") + #define OPENSWAN_PLUGIN_DESC _("IPsec, IKEv1, IKEv2 based VPN") +@@ -120,6 +122,81 @@ openswan_plugin_ui_error_get_type (void) + return etype; + } + ++/* This function verifies if the input string represents a valid ++ * ipv4 or not, only if the string is a ipv4 address otherwise consider ++ * the string a hostname or ipv6 address and returns true ++ */ ++static gboolean ++valid_ip_if_ip(const char *str) ++{ ++ ++ char *tmp; ++ /* nlabels counts number of parts seprated by dots*/ ++ int nlabels=0, i=0; ++ char tmp_str[1024]; ++ long int tmp_li; ++ gboolean all_valid_numbers = TRUE; ++ ++ tmp = (char *)str; ++ ++ /* assumption is that an ip address must have either a dot or a digit */ ++ while(*tmp) { ++ tmp_str[i++] = *tmp; ++ ++ /* This means this may be hostname or IPV6 return TRUE*/ ++ if(*tmp != '.' && !isdigit(*tmp)) { ++ return TRUE; ++ } ++ ++ if (*tmp == '.' || *(tmp+1) == '\0' ) { ++ ++ if(*tmp == '.') { ++ tmp_str[i-1]='\0'; ++ } ++ else { ++ tmp_str[i] = '\0'; ++ } ++ nlabels++; ++ /* check length of this part for valid ip, maximum is 3 (255) */ ++ /* !strlen(tmp_str) tests if tmp_str does not contain anything for example 10.. ++ * or similar to this */ ++ if (strlen(tmp_str) > 3 || !strlen(tmp_str)) { ++ /* this means a part of string has all digits ++ * but is not valid for ipv4 address */ ++ all_valid_numbers = FALSE; ++ } ++ else { ++ tmp_li = strtol(tmp_str, (char **) NULL, 10); ++ if( tmp_li < 0 || tmp_li > 255) { ++ all_valid_numbers = FALSE; ++ } ++ } ++ ++ /*proceed to process another part if not reached to end of string*/ ++ i=0; ++ } ++ tmp++; ++ } ++ ++ /* if flow comes here that means all are either digits or dots, now check for validity*/ ++ /* check if there are not 4 part separetd by dots then it is an invalid an ip address, ++ * otherwise consider it as a hostname and return true. ++ * last character should not be dot that is invalid ip ++ */ ++ if(nlabels != 4 || *(tmp-1) == '.') { ++ return FALSE; ++ } ++ /* Now check if all the parts are valid integers as per ip address */ ++ else if (all_valid_numbers){ ++ /* this means it is a valid IP address*/ ++ return TRUE; ++ ++ } ++ else { ++ /* This is invalid ip address*/ ++ return FALSE; ++ } ++} + + static gboolean + check_validity (OpenswanPluginUiWidget *self, GError **error) +@@ -130,7 +207,7 @@ check_validity (OpenswanPluginUiWidget * + + widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "gateway_entry")); + str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); +- if (!str || !strlen (str) || strstr (str, " ") || strstr (str, "\t")) { ++ if (!str || !strlen (str) || strstr (str, " ") || strstr (str, "\t") || !valid_ip_if_ip(str)) { + g_set_error (error, + OPENSWAN_PLUGIN_UI_ERROR, + OPENSWAN_PLUGIN_UI_ERROR_INVALID_PROPERTY, +@@ -700,6 +777,275 @@ get_capabilities (NMVpnPluginUiInterface + return (NM_VPN_PLUGIN_UI_CAPABILITY_IMPORT | NM_VPN_PLUGIN_UI_CAPABILITY_EXPORT); + } + ++static NMConnection * ++import_from_file (NMVpnPluginUiInterface *iface, const char *path, GError **error) ++{ ++ NMConnection *connection; ++ NMSettingConnection *s_con; ++ NMSettingVPN *s_vpn; ++ GHashTable *import; ++ const char *buf; ++ gboolean bool_value; ++ NMSettingIP4Config *s_ip4; ++ ++ import = import_file_load (path); ++ if (!import) { ++ g_set_error (error, 0, 0, "does not look like a %s openswan connection (parse failed)", ++ OPENSWAN_PLUGIN_NAME); ++ return NULL; ++ } ++ ++ connection = nm_connection_new (); ++ s_con = NM_SETTING_CONNECTION (nm_setting_connection_new ()); ++ nm_connection_add_setting (connection, NM_SETTING (s_con)); ++ ++ s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ()); ++ g_object_set (s_vpn, NM_SETTING_VPN_SERVICE_TYPE, NM_DBUS_SERVICE_OPENSWAN, NULL); ++ nm_connection_add_setting (connection, NM_SETTING (s_vpn)); ++ ++ s_ip4 = NM_SETTING_IP4_CONFIG (nm_setting_ip4_config_new ()); ++ nm_connection_add_setting (connection, NM_SETTING (s_ip4)); ++ ++ /* Connection name */ ++ if (import_file_lookup_string (import, "conn", "conn", &buf)) ++ g_object_set (s_con, NM_SETTING_CONNECTION_ID, buf, NULL); ++ else { ++ g_set_error (error, 0, 0, "connection name error for %s VPN connection (parse failed)", ++ OPENSWAN_PLUGIN_NAME); ++ g_object_unref (connection); ++ return NULL; ++ } ++ ++ /* Gateway */ ++ if (import_file_lookup_string (import, "conn", "right", &buf)) ++ nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_RIGHT, buf); ++ else { ++ g_set_error (error, 0, 0, "does not look like a %s openswan connection (no gateway specified)", ++ OPENSWAN_PLUGIN_NAME); ++ g_object_unref (connection); ++ return NULL; ++ } ++ ++ /* Group name */ ++ if (import_file_lookup_string (import, "conn", "leftid", &buf)) { ++ if(*buf == '@') { ++ nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_LEFTID, buf+1); ++ } ++ else { ++ nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_LEFTID, buf); ++ } ++ } ++ else { ++ g_set_error (error, 0, 0, "does not look like a %s openswan connection (no GroupName)", ++ OPENSWAN_PLUGIN_NAME); ++ g_object_unref (connection); ++ return NULL; ++ } ++ ++ ++ /* Optional settings */ ++ ++ /* aggressive mode*/ ++ if (import_file_lookup_bool (import, "conn", "aggrmode", &bool_value)) { ++ if (!bool_value) { ++ g_set_error (error, 0, 0, "(aggrmode=yes) must be specified for %s openswan connection", ++ OPENSWAN_PLUGIN_NAME); ++ g_object_unref (connection); ++ return NULL; ++ } ++ } ++ ++ /* authentication method */ ++ if (import_file_lookup_string (import, "conn", "authby", &buf)) { ++ if(strcmp(buf, "secret")) { ++ g_set_error (error, 0, 0, "only authby=secret is supported for %s openswan connection", ++ OPENSWAN_PLUGIN_NAME); ++ g_object_unref (connection); ++ return NULL; ++ } ++ ++ } ++ ++ /* xauth client mode */ ++ if (import_file_lookup_bool (import, "conn", "leftxauthclient", &bool_value)) { ++ if (!bool_value) { ++ g_set_error (error, 0, 0, "(leftxauthclient=yes) must be specified for %s openswan connection", ++ OPENSWAN_PLUGIN_NAME); ++ g_object_unref (connection); ++ return NULL; ++ } ++ } ++ ++ /* mode cfg client mode */ ++ if (import_file_lookup_bool (import, "conn", "leftmodecfgclient", &bool_value)) { ++ if (!bool_value) { ++ g_set_error (error, 0, 0, "(leftmodecfgclient=yes) must be specified for %s openswan connection", ++ OPENSWAN_PLUGIN_NAME); ++ g_object_unref (connection); ++ return NULL; ++ } ++ } ++ ++ ++ /* remote peer type */ ++ if (import_file_lookup_string (import, "conn", "remote_peer_type", &buf)) { ++ if(strcmp(buf, "cisco")) { ++ g_set_error (error, 0, 0, "remote_peer_type must only be of type cisco is supported for %s openswan connection", ++ OPENSWAN_PLUGIN_NAME); ++ g_object_unref (connection); ++ return NULL; ++ } ++ ++ } ++ ++ /* xauth user name*/ ++ if (import_file_lookup_string (import, "conn", "leftxauthusername", &buf)) { ++ nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_LEFTXAUTHUSER, buf); ++ } ++ ++ /* xauth server mode */ ++ if (import_file_lookup_bool (import, "conn", "rightxauthserver", &bool_value)) { ++ if (!bool_value) { ++ g_set_error (error, 0, 0, "(rightxauthserver=yes) should be specified for %s openswan connection", ++ OPENSWAN_PLUGIN_NAME); ++ g_object_unref (connection); ++ return NULL; ++ } ++ } ++ ++ /* mode cfg server mode */ ++ if (import_file_lookup_bool (import, "conn", "rightmodecfgserver", &bool_value)) { ++ if (!bool_value) { ++ g_set_error (error, 0, 0, "(rightmodecfgserver=yes) should be specified for %s openswan connection", ++ OPENSWAN_PLUGIN_NAME); ++ g_object_unref (connection); ++ return NULL; ++ } ++ } ++ ++ /* network manager type connection*/ ++ if (import_file_lookup_bool (import, "conn", "nm_configured", &bool_value)) { ++ if (!bool_value) { ++ g_set_error (error, 0, 0, "(nm_configured=yes) should be specified for %s openswan connection", ++ OPENSWAN_PLUGIN_NAME); ++ g_object_unref (connection); ++ return NULL; ++ } ++ } ++ ++ /* IKE algorithms*/ ++ if (import_file_lookup_string (import, "conn", "ike", &buf)) { ++ nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_IKE, buf); ++ } ++ ++ /* ESP algorithms*/ ++ if (import_file_lookup_string (import, "conn", "esp", &buf)) { ++ nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_ESP, buf); ++ } ++ ++ ++ /* Connection name */ ++ /*if (import_file_lookup_string (import, "main", "Description", &buf)) ++ g_object_set (s_con, NM_SETTING_CONNECTION_ID, buf, NULL);*/ ++ ++ g_hash_table_destroy (import); ++ ++ return connection; ++} ++ ++static gboolean ++export_to_file (NMVpnPluginUiInterface *iface, ++ const char *path, ++ NMConnection *connection, ++ GError **error) ++{ ++ ++ NMSettingConnection *s_con; ++ NMSettingVPN *s_vpn; ++ FILE *f; ++ const char *value=NULL; ++ const char *default_username=NULL; ++ const char *groupname=NULL; ++ const char *gateway=NULL; ++ const char *phase1_alg_str=NULL; ++ const char *phase2_alg_str=NULL; ++ gboolean success = FALSE; ++ ++ s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); ++ s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN); ++ ++ f = fopen (path, "w"); ++ if (!f) { ++ g_set_error (error, 0, 0, "could not open file for writing"); ++ return FALSE; ++ } ++ ++ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_RIGHT); ++ if (value && strlen (value)) ++ gateway = value; ++ else { ++ g_set_error (error, 0, 0, "Openswan connection is missing gateway"); ++ goto done; ++ } ++ ++ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_LEFTID); ++ if (value && strlen (value)) ++ groupname = value; ++ else { ++ g_set_error (error, 0, 0, "Openswan connection is missing group name"); ++ goto done; ++ } ++ ++ default_username = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_LEFTXAUTHUSER); ++ if ( !default_username || !strlen(default_username)) { ++ default_username = nm_setting_vpn_get_user_name (s_vpn); ++ } ++ ++ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_IKE); ++ if(value && strlen (value)) { ++ phase1_alg_str=value; ++ } ++ ++ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_ESP); ++ if(value && strlen (value)) { ++ phase2_alg_str=value; ++ } ++ ++ fprintf(f, ++ "conn %s\n" ++ " aggrmode=yes\n" ++ " authby=secret\n" ++ " left=%%defaultroute\n" ++ " leftid=@%s\n" ++ " leftxauthclient=yes\n" ++ " leftmodecfgclient=yes\n" ++ " leftxauthusername=%s\n" ++ " right=%s\n" ++ " remote_peer_type=cisco\n" ++ " rightxauthserver=yes\n" ++ " rightmodecfgserver=yes\n" ++ " nm_configured=yes\n" ++ " rekey=no\n" ++ " salifetime=24h\n" ++ " ikelifetime=24h\n" ++ " keyingtries=1\n" ++ " ike=%s\n" ++ " esp=%s\n" ++ " auto=add\n", ++ nm_setting_connection_get_id (s_con), ++ groupname ? groupname: "", ++ default_username ? default_username : "", ++ gateway ? gateway : "", ++ phase1_alg_str ? phase1_alg_str : "aes-sha1", ++ phase2_alg_str ? phase2_alg_str : "aes-sha1;modp1024"); ++ ++ success = TRUE; ++done: ++ fclose (f); ++ return success; ++ ++} ++ + static NMVpnPluginUiWidgetInterface * + ui_factory (NMVpnPluginUiInterface *iface, NMConnection *connection, GError **error) + { +@@ -757,8 +1103,8 @@ openswan_plugin_ui_interface_init (NMVpn + /* interface implementation */ + iface_class->ui_factory = ui_factory; + iface_class->get_capabilities = get_capabilities; +- iface_class->import_from_file = NULL; +- iface_class->export_to_file = NULL; ++ iface_class->import_from_file = import_from_file; ++ iface_class->export_to_file = export_to_file; + iface_class->get_suggested_name = NULL; + } + +diff -urNp NetworkManager-openswan-0.9.3.995-patched/src/nm-openswan-service.c NetworkManager-openswan-0.9.3.995-current/src/nm-openswan-service.c +--- NetworkManager-openswan-0.9.3.995-patched/src/nm-openswan-service.c 2012-03-08 13:19:14.506858601 -0500 ++++ NetworkManager-openswan-0.9.3.995-current/src/nm-openswan-service.c 2012-03-08 13:21:56.012816653 -0500 +@@ -575,6 +575,10 @@ nm_openswan_config_write (gint openswan_ + } + + write_config_option (fdtmp1, " nm_configured=yes\n"); ++ write_config_option (fdtmp1, " rekey=yes\n"); ++ write_config_option (fdtmp1, " salifetime=24h\n"); ++ write_config_option (fdtmp1, " ikelifetime=24h\n"); ++ write_config_option (fdtmp1, " keyingtries=1\n"); + //write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH); + write_config_option (fdtmp1, " auto=add\n"); + //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_VPN_SETTING_NAME)); +diff -urNp NetworkManager-openswan-0.9.3.995-patched/src/nm-openswan-service-helper.c NetworkManager-openswan-0.9.3.995-current/src/nm-openswan-service-helper.c +--- NetworkManager-openswan-0.9.3.995-patched/src/nm-openswan-service-helper.c 2012-03-08 13:19:14.506858601 -0500 ++++ NetworkManager-openswan-0.9.3.995-current/src/nm-openswan-service-helper.c 2012-03-09 11:56:33.731311772 -0500 +@@ -71,6 +71,34 @@ helper_failed (DBusGConnection *connecti + } + + static void ++helper_disconnect (DBusGConnection *connection, const char *reason) ++{ ++ DBusGProxy *proxy; ++ GError *err = NULL; ++ ++ g_warning ("nm-openswan-service-helper received %s from openswan", reason); ++ ++ proxy = dbus_g_proxy_new_for_name (connection, ++ NM_DBUS_SERVICE_OPENSWAN, ++ NM_VPN_DBUS_PLUGIN_PATH, ++ NM_VPN_DBUS_PLUGIN_INTERFACE); ++ ++ dbus_g_proxy_call (proxy, "Disconnect", &err, ++ G_TYPE_INVALID, G_TYPE_INVALID, ++ G_TYPE_INVALID, ++ G_TYPE_INVALID); ++ ++ if (err) { ++ g_warning ("Could not send failure information: %s", err->message); ++ g_error_free (err); ++ } ++ ++ g_object_unref (proxy); ++ ++ exit (1); ++} ++ ++static void + send_ip4_config (DBusGConnection *connection, GHashTable *config) + { + DBusGProxy *proxy; +@@ -215,16 +243,19 @@ main (int argc, char *argv[]) + * don't proceed unless its "connect". + */ + tmp = getenv ("openswan_reason"); +- if (tmp && strcmp (tmp, "connect") != 0) +- exit (0); ++ if (tmp == NULL || ( strcmp (tmp, "connect") != 0 && strcmp (tmp, "disconnect") != 0)) ++ exit (0); + +- + connection = dbus_g_bus_get (DBUS_BUS_SYSTEM, &err); + if (!connection) { + g_warning ("Could not get the system bus: %s", err->message); + exit (1); + } + ++ if( strcmp (tmp, "disconnect") == 0 ) { ++ helper_disconnect (connection, "disconnect"); ++ } ++ + config = g_hash_table_new (g_str_hash, g_str_equal); + + From d21efff2a309abf8cfc60a970e233f3c181fde09 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Wed, 18 Jul 2012 08:43:48 -0500 Subject: [PATCH 20/37] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild --- NetworkManager-openswan.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index 6c8c06a..fb51eaf 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -7,7 +7,7 @@ Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan Version: 0.9.3.995 -Release: 2%{snapshot}%{?dist} +Release: 3%{snapshot}%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.9/ @@ -72,6 +72,9 @@ rm -rf $RPM_BUILD_ROOT %dir %{_datadir}/gnome-vpn-properties/openswan %changelog +* Wed Jul 18 2012 Fedora Release Engineering - 0.9.3.995-3.git20120302 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + * Fri Apr 27 2012 Avesh Agarwal - 0.9.3.995-2 - Ported changes from rhel to fedora From 11540ab009719617bd85afa795274951b4a3c6ea Mon Sep 17 00:00:00 2001 From: Avesh Agarwal Date: Thu, 13 Dec 2012 15:12:30 -0500 Subject: [PATCH 21/37] Resolves: #845599, #865883 --- NetworkManager-openswan.spec | 7 +++++- nm-openswan-845599-865883.patch | 40 +++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 nm-openswan-845599-865883.patch diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index fb51eaf..9499823 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -7,7 +7,7 @@ Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan Version: 0.9.3.995 -Release: 3%{snapshot}%{?dist} +Release: 4%{snapshot}%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.9/ @@ -15,6 +15,7 @@ Source0: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.9/% BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) Patch1: nm-openswan-changes.patch +Patch2: nm-openswan-845599-865883.patch BuildRequires: gtk3-devel BuildRequires: dbus-devel @@ -39,6 +40,7 @@ with NetworkManager and the GNOME desktop %setup -q -n NetworkManager-openswan-%{realversion} %patch1 -p1 +%patch2 -p1 %build %configure --disable-static --enable-more-warnings=yes @@ -72,6 +74,9 @@ rm -rf $RPM_BUILD_ROOT %dir %{_datadir}/gnome-vpn-properties/openswan %changelog +* Thu Dec 13 2012 Avesh Agarwal - 0.9.3.995-4 +Resolves: #845599, #865883 + * Wed Jul 18 2012 Fedora Release Engineering - 0.9.3.995-3.git20120302 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild diff --git a/nm-openswan-845599-865883.patch b/nm-openswan-845599-865883.patch new file mode 100644 index 0000000..4787970 --- /dev/null +++ b/nm-openswan-845599-865883.patch @@ -0,0 +1,40 @@ +diff -urNp NetworkManager-openswan-0.9.3.995-patched/src/nm-openswan-service.h NetworkManager-openswan-0.9.3.995-current/src/nm-openswan-service.h +--- NetworkManager-openswan-0.9.3.995-patched/src/nm-openswan-service.h 2012-10-18 12:46:37.007411996 -0400 ++++ NetworkManager-openswan-0.9.3.995-current/src/nm-openswan-service.h 2012-12-13 14:59:40.872675723 -0500 +@@ -54,6 +54,10 @@ + #define NM_OPENSWAN_PW_TYPE_ASK "ask" + #define NM_OPENSWAN_PW_TYPE_UNUSED "unused" + ++#ifndef NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV_NONE ++#define NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV_NONE "_none_" ++#endif ++ + typedef struct { + NMVPNPlugin parent; + } NMOPENSWANPlugin; +diff -urNp NetworkManager-openswan-0.9.3.995-patched/src/nm-openswan-service-helper.c NetworkManager-openswan-0.9.3.995-current/src/nm-openswan-service-helper.c +--- NetworkManager-openswan-0.9.3.995-patched/src/nm-openswan-service-helper.c 2012-10-18 12:46:49.758445398 -0400 ++++ NetworkManager-openswan-0.9.3.995-current/src/nm-openswan-service-helper.c 2012-12-13 14:59:07.560696232 -0500 +@@ -266,13 +266,15 @@ main (int argc, char *argv[]) + else + helper_failed (connection, "Openswan Pluto Right Peer (VPN Gateway)"); + +- /* Tunnel device */ +- //val = str_to_gvalue (getenv ("TUNDEV"), FALSE); +- val = str_to_gvalue ("tun0", FALSE); +- if (val) +- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val); +- else +- helper_failed (connection, "Tunnel Device"); ++ /* ++ * Tunnel device ++ * Indicate that openswan plugin doesn't use tun/tap device ++ */ ++ val = g_slice_new0 (GValue); ++ g_value_init (val, G_TYPE_STRING); ++ g_value_set_string (val, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV_NONE); ++ g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val); ++ + + /* IP address */ + val = addr_to_gvalue (getenv ("PLUTO_MY_SOURCEIP")); From 338b40143a25d20a6382b5d78b844112f4d95461 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Wed, 13 Feb 2013 09:26:42 -0600 Subject: [PATCH 22/37] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild --- NetworkManager-openswan.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index 9499823..1131d2c 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -7,7 +7,7 @@ Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan Version: 0.9.3.995 -Release: 4%{snapshot}%{?dist} +Release: 5%{snapshot}%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.9/ @@ -74,6 +74,9 @@ rm -rf $RPM_BUILD_ROOT %dir %{_datadir}/gnome-vpn-properties/openswan %changelog +* Wed Feb 13 2013 Fedora Release Engineering - 0.9.3.995-5.git20120302 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + * Thu Dec 13 2012 Avesh Agarwal - 0.9.3.995-4 Resolves: #845599, #865883 From 9f0f37527df307412ff5fa28a3153f8f18bc639e Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Fri, 2 Aug 2013 17:59:10 -0500 Subject: [PATCH 23/37] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild --- NetworkManager-openswan.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index 1131d2c..10e84cc 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -7,7 +7,7 @@ Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan Version: 0.9.3.995 -Release: 5%{snapshot}%{?dist} +Release: 6%{snapshot}%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.9/ @@ -74,6 +74,9 @@ rm -rf $RPM_BUILD_ROOT %dir %{_datadir}/gnome-vpn-properties/openswan %changelog +* Fri Aug 02 2013 Fedora Release Engineering - 0.9.3.995-6.git20120302 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + * Wed Feb 13 2013 Fedora Release Engineering - 0.9.3.995-5.git20120302 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild From 4e17cba0a56411d748b901d48be48250b27d6cfc Mon Sep 17 00:00:00 2001 From: Avesh Agarwal Date: Mon, 5 Aug 2013 18:35:25 -0400 Subject: [PATCH 24/37] Rebase to latest upstream version 0.9.8.0 - Fixed several issues with the packaging --- .gitignore | 2 + NetworkManager-openswan.spec | 23 +- nm-openswan-845599-865883.patch | 40 -- nm-openswan-changes.patch | 871 -------------------------------- sources | 3 +- 5 files changed, 13 insertions(+), 926 deletions(-) delete mode 100644 nm-openswan-845599-865883.patch delete mode 100644 nm-openswan-changes.patch diff --git a/.gitignore b/.gitignore index 09f016e..6f4e6a5 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ NetworkManager-openswan-0.8.tar.gz +/NetworkManager-openswan-0.9.8.0.sha256sum +/NetworkManager-openswan-0.9.8.0.tar.xz diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index 10e84cc..981cd60 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -1,27 +1,22 @@ %define nm_version 1:0.9.2 -%define openswan_version 2.6.27-1 -%define snapshot .git20120302 -%define realversion 0.9.3.995 +%define realversion 0.9.8.0 Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan -Version: 0.9.3.995 -Release: 6%{snapshot}%{?dist} +Version: 0.9.8.0 +Release: 1%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.9/ -Source0: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.9/%{name}-%{realversion}%{snapshot}.tar.bz2 +Source0: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.9/%{name}-%{realversion}.tar.xz BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) -Patch1: nm-openswan-changes.patch -Patch2: nm-openswan-845599-865883.patch - BuildRequires: gtk3-devel BuildRequires: dbus-devel BuildRequires: NetworkManager-devel >= %{nm_version} BuildRequires: NetworkManager-glib-devel >= %{nm_version} -%if 0%{?fedora} > 16 +%if 0%{?fedora} > 16 || 0%{?rhel} >= 7 BuildRequires: libgnome-keyring-devel %else BuildRequires: gnome-keyring-devel @@ -30,7 +25,6 @@ BuildRequires: intltool gettext Requires: NetworkManager >= %{nm_version} Requires: gnome-keyring -Requires: openswan >= %{openswan_version} %description This package contains software for integrating the openswan VPN software @@ -39,9 +33,6 @@ with NetworkManager and the GNOME desktop %prep %setup -q -n NetworkManager-openswan-%{realversion} -%patch1 -p1 -%patch2 -p1 - %build %configure --disable-static --enable-more-warnings=yes make %{?_smp_mflags} @@ -74,6 +65,10 @@ rm -rf $RPM_BUILD_ROOT %dir %{_datadir}/gnome-vpn-properties/openswan %changelog +* Mon Aug 5 2013 Avesh Agarwal - 0.9.8.0-1 +- Rebase to latest upstream version 0.9.8.0 +- Fixed several issues with the packaging + * Fri Aug 02 2013 Fedora Release Engineering - 0.9.3.995-6.git20120302 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild diff --git a/nm-openswan-845599-865883.patch b/nm-openswan-845599-865883.patch deleted file mode 100644 index 4787970..0000000 --- a/nm-openswan-845599-865883.patch +++ /dev/null @@ -1,40 +0,0 @@ -diff -urNp NetworkManager-openswan-0.9.3.995-patched/src/nm-openswan-service.h NetworkManager-openswan-0.9.3.995-current/src/nm-openswan-service.h ---- NetworkManager-openswan-0.9.3.995-patched/src/nm-openswan-service.h 2012-10-18 12:46:37.007411996 -0400 -+++ NetworkManager-openswan-0.9.3.995-current/src/nm-openswan-service.h 2012-12-13 14:59:40.872675723 -0500 -@@ -54,6 +54,10 @@ - #define NM_OPENSWAN_PW_TYPE_ASK "ask" - #define NM_OPENSWAN_PW_TYPE_UNUSED "unused" - -+#ifndef NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV_NONE -+#define NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV_NONE "_none_" -+#endif -+ - typedef struct { - NMVPNPlugin parent; - } NMOPENSWANPlugin; -diff -urNp NetworkManager-openswan-0.9.3.995-patched/src/nm-openswan-service-helper.c NetworkManager-openswan-0.9.3.995-current/src/nm-openswan-service-helper.c ---- NetworkManager-openswan-0.9.3.995-patched/src/nm-openswan-service-helper.c 2012-10-18 12:46:49.758445398 -0400 -+++ NetworkManager-openswan-0.9.3.995-current/src/nm-openswan-service-helper.c 2012-12-13 14:59:07.560696232 -0500 -@@ -266,13 +266,15 @@ main (int argc, char *argv[]) - else - helper_failed (connection, "Openswan Pluto Right Peer (VPN Gateway)"); - -- /* Tunnel device */ -- //val = str_to_gvalue (getenv ("TUNDEV"), FALSE); -- val = str_to_gvalue ("tun0", FALSE); -- if (val) -- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val); -- else -- helper_failed (connection, "Tunnel Device"); -+ /* -+ * Tunnel device -+ * Indicate that openswan plugin doesn't use tun/tap device -+ */ -+ val = g_slice_new0 (GValue); -+ g_value_init (val, G_TYPE_STRING); -+ g_value_set_string (val, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV_NONE); -+ g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val); -+ - - /* IP address */ - val = addr_to_gvalue (getenv ("PLUTO_MY_SOURCEIP")); diff --git a/nm-openswan-changes.patch b/nm-openswan-changes.patch deleted file mode 100644 index 32cc7e0..0000000 --- a/nm-openswan-changes.patch +++ /dev/null @@ -1,871 +0,0 @@ -diff -urNp NetworkManager-openswan-0.9.3.995-patched/properties/import-file.c NetworkManager-openswan-0.9.3.995-current/properties/import-file.c ---- NetworkManager-openswan-0.9.3.995-patched/properties/import-file.c 1969-12-31 19:00:00.000000000 -0500 -+++ NetworkManager-openswan-0.9.3.995-current/properties/import-file.c 2012-03-08 13:22:46.668803936 -0500 -@@ -0,0 +1,279 @@ -+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */ -+/* NetworkManager -- Network link manager -+ * -+ * Copyright (C) 2012 Avesh Agarwal -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License along -+ * with this program; if not, write to the Free Software Foundation, Inc., -+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * (C) Copyright 2005 - 2008 Red Hat, Inc. -+ * (C) Copyright 2007 - 2008 Novell, Inc. -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+ -+#include "import-file.h" -+ -+static void -+import_entry_free (importEntry *entry) -+{ -+ if (entry) { -+ g_free (entry->key); -+ g_free (entry->value); -+ g_free (entry); -+ } -+} -+ -+gboolean -+import_file_lookup_int (GHashTable *import_file, -+ const char *group, -+ const char *key, -+ gint *value) -+{ -+ const char *buf = NULL; -+ long int tmp; -+ -+ g_return_val_if_fail (import_file != NULL, FALSE); -+ g_return_val_if_fail (group != NULL, FALSE); -+ g_return_val_if_fail (key != NULL, FALSE); -+ g_return_val_if_fail (value != NULL, FALSE); -+ -+ *value = 0; -+ if (!import_file_lookup_string (import_file, group, key, &buf)) -+ return FALSE; -+ -+ errno = 0; -+ tmp = strtol (buf, NULL, 10); -+ if ((errno == 0) && (tmp > G_MININT) && (tmp < G_MAXINT)) { -+ *value = (gint) tmp; -+ return TRUE; -+ } -+ -+ return FALSE; -+} -+ -+ -+gboolean -+import_file_lookup_string (GHashTable *import_file, -+ const char *group, -+ const char *key, -+ const char **value) -+{ -+ importEntry *entry; -+ -+ g_return_val_if_fail (import_file != NULL, FALSE); -+ g_return_val_if_fail (group != NULL, FALSE); -+ g_return_val_if_fail (key != NULL, FALSE); -+ g_return_val_if_fail (value != NULL, FALSE); -+ -+ *value = NULL; -+ entry = import_file_lookup (import_file, group, key); -+ if (!entry || !entry->value || !strlen (entry->value)) -+ return FALSE; -+ -+ *value = entry->value; -+ return TRUE; -+} -+ -+importEntry * -+import_file_lookup (GHashTable *import_file, -+ const char *group, -+ const char *key) -+{ -+ gpointer section; -+ importEntry *entry = NULL; -+ char *group_lower = NULL; -+ char *key_lower = NULL; -+ -+ g_return_val_if_fail (import_file != NULL, NULL); -+ g_return_val_if_fail (group != NULL, NULL); -+ g_return_val_if_fail (key != NULL, NULL); -+ -+ group_lower = g_utf8_strdown (group, -1); -+ section = g_hash_table_lookup (import_file, group_lower); -+ if (section) { -+ key_lower = g_utf8_strdown (key, -1); -+ entry = (importEntry *) g_hash_table_lookup ((GHashTable *) section, key_lower); -+ } -+ -+ g_free (group_lower); -+ g_free (key_lower); -+ -+ return entry; -+} -+ -+gboolean -+import_file_lookup_bool (GHashTable *import_file, -+ const char *group, -+ const char *key, -+ gboolean *value) -+{ -+ const char *buf = NULL; -+ gboolean success = FALSE; -+ -+ g_return_val_if_fail (import_file != NULL, FALSE); -+ g_return_val_if_fail (group != NULL, FALSE); -+ g_return_val_if_fail (key != NULL, FALSE); -+ g_return_val_if_fail (value != NULL, FALSE); -+ -+ *value = FALSE; -+ if (!import_file_lookup_string (import_file, group, key, &buf)) -+ return FALSE; -+ -+ if (strlen (buf) == 1) { -+ if (strcmp (buf, "1") == 0) { -+ *value = TRUE; -+ success = TRUE; -+ } else if (strcmp (buf, "0") == 0) { -+ *value = FALSE; -+ success = TRUE; -+ } -+ } else { -+ if ( !strncasecmp (buf, "yes", 3) -+ || !strncasecmp (buf, "true", 4)) { -+ *value = TRUE; -+ success = TRUE; -+ } else if ( !strncasecmp (buf, "no", 2) -+ || !strncasecmp (buf, "false", 5)) { -+ *value = FALSE; -+ success = TRUE; -+ } -+ } -+ -+ return success; -+} -+ -+ -+GHashTable * -+import_file_load (const char *fname) -+{ -+ FILE *fo; -+ unsigned line; -+ GHashTable *import; -+ GHashTable *group = NULL; -+ importEntry *entry; -+ char *key; -+ -+ g_return_val_if_fail (fname != NULL, NULL); -+ -+ if (!(fo = fopen (fname, "r"))) { -+ g_warning ("Failed to open file '%s': %s", fname, strerror (errno)); -+ return NULL; -+ } -+ -+ import = g_hash_table_new_full (g_str_hash, g_str_equal, -+ g_free, -+ (GDestroyNotify) g_hash_table_destroy); -+ -+ line = 0; -+ while (!feof (fo)) { -+ char ln[1024]; /* 4x what we think to allow for possible UTF-8 conversion */ -+ char *s, *e; -+ -+ if (!(fgets (ln, sizeof (ln) / 4, fo))) -+ break; -+ -+ line++; -+ -+ if (!g_utf8_validate (ln, -1, NULL)) { -+ char *tmp; -+ GError *error = NULL; -+ -+ tmp = g_locale_to_utf8 (ln, -1, NULL, NULL, &error); -+ if (error) { -+ /* ignore the error; leave 'ln' alone. We tried. */ -+ g_error_free (error); -+ } else { -+ g_assert (tmp); -+ strcpy (ln, tmp); /* update ln with the UTF-8 safe text */ -+ } -+ g_free (tmp); -+ } -+ -+ s = ln + strspn (ln, " \t"); -+ s[strcspn (s, "\r\n")] = 0; -+ -+ /* Skip comments*/ -+ if (*s == '#') -+ continue; -+ -+ /* empty line means the connection definition finished*/ -+ if (*s == 0) -+ break; -+ -+ if ( (e = strstr(s, "conn"))) { -+ /* new group */ -+ -+ /* conn */ -+ /* here we go at the start of space character before */ -+ /* statement *(e++)=0 makes space a 0 and advances to the name or key value*/ -+ e += strlen("conn"); -+ group = g_hash_table_new_full (g_str_hash, g_str_equal, NULL, -+ (GDestroyNotify) import_entry_free); -+ -+ g_hash_table_insert (import, g_utf8_strdown ("conn", -1), group); -+ -+ } else { -+ /* Normal assignment */ -+ if (!(e = strchr (s, '='))) { -+ g_warning ("Missing assignment in %s:%u: <%s>", fname, line, s); -+ goto fail; -+ } -+ -+ if (!group) { -+ g_warning ("Assignment outside group in %s:%u <%s>", fname, line, s); -+ goto fail; -+ } -+ } -+ -+ /* Split the key and the value */ -+ *(e++) = 0; -+ -+ entry = g_new (importEntry, 1); -+ entry->value = g_strdup (g_strstrip (e)); -+ -+ if (*s == ' ') { -+ key = g_utf8_strdown (s+1, -1); -+ } else { -+ key = g_utf8_strdown (s, -1); -+ } -+ -+ entry->read_only = FALSE; -+ entry->key = g_strdup (g_strstrip (key)); -+ g_free (key); -+ g_hash_table_insert (group, entry->key, entry); -+ } -+ -+ /* Contains a main section? */ -+ if (!g_hash_table_lookup (import, "conn")) -+ goto fail; -+ -+ fclose (fo); -+ -+ return import; -+ -+fail: -+ -+ if (fo) -+ fclose (fo); -+ -+ if (import) -+ g_hash_table_destroy (import); -+ -+ return NULL; -+} -diff -urNp NetworkManager-openswan-0.9.3.995-patched/properties/import-file.h NetworkManager-openswan-0.9.3.995-current/properties/import-file.h ---- NetworkManager-openswan-0.9.3.995-patched/properties/import-file.h 1969-12-31 19:00:00.000000000 -0500 -+++ NetworkManager-openswan-0.9.3.995-current/properties/import-file.h 2012-03-08 13:22:46.679803934 -0500 -@@ -0,0 +1,58 @@ -+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */ -+/* NetworkManager -- Network link manager -+ * -+ * Copyright (C) 2012 Avesh Agarwal -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License along -+ * with this program; if not, write to the Free Software Foundation, Inc., -+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * (C) Copyright 2005 - 2008 Red Hat, Inc. -+ * (C) Copyright 2007 - 2008 Novell, Inc. -+ */ -+ -+#ifndef IMPORT_FILE_H -+#define IMPORT_FILE_H -+ -+#include -+ -+typedef struct importEntry importEntry; -+ -+struct importEntry { -+ char *key; -+ char *value; -+ gboolean read_only; -+}; -+ -+GHashTable *import_file_load (const char *fname); -+importEntry *import_file_lookup (GHashTable *import_file, -+ const char *group, -+ const char *key); -+ -+gboolean import_file_lookup_string (GHashTable *import_file, -+ const char *group, -+ const char *key, -+ const char **value); -+ -+gboolean import_file_lookup_bool (GHashTable *import_file, -+ const char *group, -+ const char *key, -+ gboolean *value); -+ -+gboolean import_file_lookup_int (GHashTable *import_file, -+ const char *group, -+ const char *key, -+ gint *value); -+ -+#endif /* IMPORT_FILE_H */ -+ -diff -urNp NetworkManager-openswan-0.9.3.995-patched/properties/Makefile.am NetworkManager-openswan-0.9.3.995-current/properties/Makefile.am ---- NetworkManager-openswan-0.9.3.995-patched/properties/Makefile.am 2012-03-08 13:19:14.504858594 -0500 -+++ NetworkManager-openswan-0.9.3.995-current/properties/Makefile.am 2012-03-08 13:20:10.987843635 -0500 -@@ -4,6 +4,8 @@ plugindir = $(libdir)/NetworkManager - plugin_LTLIBRARIES = libnm-openswan-properties.la - - libnm_openswan_properties_la_SOURCES = \ -+ import-file.c \ -+ import-file.h \ - nm-openswan.c \ - nm-openswan.h - -diff -urNp NetworkManager-openswan-0.9.3.995-patched/properties/Makefile.in NetworkManager-openswan-0.9.3.995-current/properties/Makefile.in ---- NetworkManager-openswan-0.9.3.995-patched/properties/Makefile.in 2012-03-08 13:19:14.504858594 -0500 -+++ NetworkManager-openswan-0.9.3.995-current/properties/Makefile.in 2012-03-08 13:24:53.908773055 -0500 -@@ -76,6 +76,7 @@ am__DEPENDENCIES_1 = - libnm_openswan_properties_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) - am_libnm_openswan_properties_la_OBJECTS = \ -+ libnm_openswan_properties_la-import-file.lo \ - libnm_openswan_properties_la-nm-openswan.lo - libnm_openswan_properties_la_OBJECTS = \ - $(am_libnm_openswan_properties_la_OBJECTS) -@@ -257,6 +258,8 @@ INCLUDES = -I${top_srcdir} - plugindir = $(libdir)/NetworkManager - plugin_LTLIBRARIES = libnm-openswan-properties.la - libnm_openswan_properties_la_SOURCES = \ -+ import-file.c \ -+ import-file.h \ - nm-openswan.c \ - nm-openswan.h - -@@ -356,6 +359,7 @@ mostlyclean-compile: - distclean-compile: - -rm -f *.tab.c - -+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libnm_openswan_properties_la-import-file.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libnm_openswan_properties_la-nm-openswan.Plo@am__quote@ - - .c.o: -@@ -382,6 +386,13 @@ distclean-compile: - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ - @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< - -+libnm_openswan_properties_la-import-file.lo: import-file.c -+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libnm_openswan_properties_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libnm_openswan_properties_la-import-file.lo -MD -MP -MF $(DEPDIR)/libnm_openswan_properties_la-import-file.Tpo -c -o libnm_openswan_properties_la-import-file.lo `test -f 'import-file.c' || echo '$(srcdir)/'`import-file.c -+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libnm_openswan_properties_la-import-file.Tpo $(DEPDIR)/libnm_openswan_properties_la-import-file.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='import-file.c' object='libnm_openswan_properties_la-import-file.lo' libtool=yes @AMDEPBACKSLASH@ -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libnm_openswan_properties_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libnm_openswan_properties_la-import-file.lo `test -f 'import-file.c' || echo '$(srcdir)/'`import-file.c -+ - libnm_openswan_properties_la-nm-openswan.lo: nm-openswan.c - @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libnm_openswan_properties_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libnm_openswan_properties_la-nm-openswan.lo -MD -MP -MF $(DEPDIR)/libnm_openswan_properties_la-nm-openswan.Tpo -c -o libnm_openswan_properties_la-nm-openswan.lo `test -f 'nm-openswan.c' || echo '$(srcdir)/'`nm-openswan.c - @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libnm_openswan_properties_la-nm-openswan.Tpo $(DEPDIR)/libnm_openswan_properties_la-nm-openswan.Plo -diff -urNp NetworkManager-openswan-0.9.3.995-patched/properties/nm-openswan.c NetworkManager-openswan-0.9.3.995-current/properties/nm-openswan.c ---- NetworkManager-openswan-0.9.3.995-patched/properties/nm-openswan.c 2012-03-08 13:19:14.496858605 -0500 -+++ NetworkManager-openswan-0.9.3.995-current/properties/nm-openswan.c 2012-03-09 11:50:25.216469375 -0500 -@@ -30,6 +30,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -43,6 +44,7 @@ - - #include "src/nm-openswan-service.h" - #include "nm-openswan.h" -+#include "import-file.h" - - #define OPENSWAN_PLUGIN_NAME _("IPsec based VPN") - #define OPENSWAN_PLUGIN_DESC _("IPsec, IKEv1, IKEv2 based VPN") -@@ -120,6 +122,81 @@ openswan_plugin_ui_error_get_type (void) - return etype; - } - -+/* This function verifies if the input string represents a valid -+ * ipv4 or not, only if the string is a ipv4 address otherwise consider -+ * the string a hostname or ipv6 address and returns true -+ */ -+static gboolean -+valid_ip_if_ip(const char *str) -+{ -+ -+ char *tmp; -+ /* nlabels counts number of parts seprated by dots*/ -+ int nlabels=0, i=0; -+ char tmp_str[1024]; -+ long int tmp_li; -+ gboolean all_valid_numbers = TRUE; -+ -+ tmp = (char *)str; -+ -+ /* assumption is that an ip address must have either a dot or a digit */ -+ while(*tmp) { -+ tmp_str[i++] = *tmp; -+ -+ /* This means this may be hostname or IPV6 return TRUE*/ -+ if(*tmp != '.' && !isdigit(*tmp)) { -+ return TRUE; -+ } -+ -+ if (*tmp == '.' || *(tmp+1) == '\0' ) { -+ -+ if(*tmp == '.') { -+ tmp_str[i-1]='\0'; -+ } -+ else { -+ tmp_str[i] = '\0'; -+ } -+ nlabels++; -+ /* check length of this part for valid ip, maximum is 3 (255) */ -+ /* !strlen(tmp_str) tests if tmp_str does not contain anything for example 10.. -+ * or similar to this */ -+ if (strlen(tmp_str) > 3 || !strlen(tmp_str)) { -+ /* this means a part of string has all digits -+ * but is not valid for ipv4 address */ -+ all_valid_numbers = FALSE; -+ } -+ else { -+ tmp_li = strtol(tmp_str, (char **) NULL, 10); -+ if( tmp_li < 0 || tmp_li > 255) { -+ all_valid_numbers = FALSE; -+ } -+ } -+ -+ /*proceed to process another part if not reached to end of string*/ -+ i=0; -+ } -+ tmp++; -+ } -+ -+ /* if flow comes here that means all are either digits or dots, now check for validity*/ -+ /* check if there are not 4 part separetd by dots then it is an invalid an ip address, -+ * otherwise consider it as a hostname and return true. -+ * last character should not be dot that is invalid ip -+ */ -+ if(nlabels != 4 || *(tmp-1) == '.') { -+ return FALSE; -+ } -+ /* Now check if all the parts are valid integers as per ip address */ -+ else if (all_valid_numbers){ -+ /* this means it is a valid IP address*/ -+ return TRUE; -+ -+ } -+ else { -+ /* This is invalid ip address*/ -+ return FALSE; -+ } -+} - - static gboolean - check_validity (OpenswanPluginUiWidget *self, GError **error) -@@ -130,7 +207,7 @@ check_validity (OpenswanPluginUiWidget * - - widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "gateway_entry")); - str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); -- if (!str || !strlen (str) || strstr (str, " ") || strstr (str, "\t")) { -+ if (!str || !strlen (str) || strstr (str, " ") || strstr (str, "\t") || !valid_ip_if_ip(str)) { - g_set_error (error, - OPENSWAN_PLUGIN_UI_ERROR, - OPENSWAN_PLUGIN_UI_ERROR_INVALID_PROPERTY, -@@ -700,6 +777,275 @@ get_capabilities (NMVpnPluginUiInterface - return (NM_VPN_PLUGIN_UI_CAPABILITY_IMPORT | NM_VPN_PLUGIN_UI_CAPABILITY_EXPORT); - } - -+static NMConnection * -+import_from_file (NMVpnPluginUiInterface *iface, const char *path, GError **error) -+{ -+ NMConnection *connection; -+ NMSettingConnection *s_con; -+ NMSettingVPN *s_vpn; -+ GHashTable *import; -+ const char *buf; -+ gboolean bool_value; -+ NMSettingIP4Config *s_ip4; -+ -+ import = import_file_load (path); -+ if (!import) { -+ g_set_error (error, 0, 0, "does not look like a %s openswan connection (parse failed)", -+ OPENSWAN_PLUGIN_NAME); -+ return NULL; -+ } -+ -+ connection = nm_connection_new (); -+ s_con = NM_SETTING_CONNECTION (nm_setting_connection_new ()); -+ nm_connection_add_setting (connection, NM_SETTING (s_con)); -+ -+ s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ()); -+ g_object_set (s_vpn, NM_SETTING_VPN_SERVICE_TYPE, NM_DBUS_SERVICE_OPENSWAN, NULL); -+ nm_connection_add_setting (connection, NM_SETTING (s_vpn)); -+ -+ s_ip4 = NM_SETTING_IP4_CONFIG (nm_setting_ip4_config_new ()); -+ nm_connection_add_setting (connection, NM_SETTING (s_ip4)); -+ -+ /* Connection name */ -+ if (import_file_lookup_string (import, "conn", "conn", &buf)) -+ g_object_set (s_con, NM_SETTING_CONNECTION_ID, buf, NULL); -+ else { -+ g_set_error (error, 0, 0, "connection name error for %s VPN connection (parse failed)", -+ OPENSWAN_PLUGIN_NAME); -+ g_object_unref (connection); -+ return NULL; -+ } -+ -+ /* Gateway */ -+ if (import_file_lookup_string (import, "conn", "right", &buf)) -+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_RIGHT, buf); -+ else { -+ g_set_error (error, 0, 0, "does not look like a %s openswan connection (no gateway specified)", -+ OPENSWAN_PLUGIN_NAME); -+ g_object_unref (connection); -+ return NULL; -+ } -+ -+ /* Group name */ -+ if (import_file_lookup_string (import, "conn", "leftid", &buf)) { -+ if(*buf == '@') { -+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_LEFTID, buf+1); -+ } -+ else { -+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_LEFTID, buf); -+ } -+ } -+ else { -+ g_set_error (error, 0, 0, "does not look like a %s openswan connection (no GroupName)", -+ OPENSWAN_PLUGIN_NAME); -+ g_object_unref (connection); -+ return NULL; -+ } -+ -+ -+ /* Optional settings */ -+ -+ /* aggressive mode*/ -+ if (import_file_lookup_bool (import, "conn", "aggrmode", &bool_value)) { -+ if (!bool_value) { -+ g_set_error (error, 0, 0, "(aggrmode=yes) must be specified for %s openswan connection", -+ OPENSWAN_PLUGIN_NAME); -+ g_object_unref (connection); -+ return NULL; -+ } -+ } -+ -+ /* authentication method */ -+ if (import_file_lookup_string (import, "conn", "authby", &buf)) { -+ if(strcmp(buf, "secret")) { -+ g_set_error (error, 0, 0, "only authby=secret is supported for %s openswan connection", -+ OPENSWAN_PLUGIN_NAME); -+ g_object_unref (connection); -+ return NULL; -+ } -+ -+ } -+ -+ /* xauth client mode */ -+ if (import_file_lookup_bool (import, "conn", "leftxauthclient", &bool_value)) { -+ if (!bool_value) { -+ g_set_error (error, 0, 0, "(leftxauthclient=yes) must be specified for %s openswan connection", -+ OPENSWAN_PLUGIN_NAME); -+ g_object_unref (connection); -+ return NULL; -+ } -+ } -+ -+ /* mode cfg client mode */ -+ if (import_file_lookup_bool (import, "conn", "leftmodecfgclient", &bool_value)) { -+ if (!bool_value) { -+ g_set_error (error, 0, 0, "(leftmodecfgclient=yes) must be specified for %s openswan connection", -+ OPENSWAN_PLUGIN_NAME); -+ g_object_unref (connection); -+ return NULL; -+ } -+ } -+ -+ -+ /* remote peer type */ -+ if (import_file_lookup_string (import, "conn", "remote_peer_type", &buf)) { -+ if(strcmp(buf, "cisco")) { -+ g_set_error (error, 0, 0, "remote_peer_type must only be of type cisco is supported for %s openswan connection", -+ OPENSWAN_PLUGIN_NAME); -+ g_object_unref (connection); -+ return NULL; -+ } -+ -+ } -+ -+ /* xauth user name*/ -+ if (import_file_lookup_string (import, "conn", "leftxauthusername", &buf)) { -+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_LEFTXAUTHUSER, buf); -+ } -+ -+ /* xauth server mode */ -+ if (import_file_lookup_bool (import, "conn", "rightxauthserver", &bool_value)) { -+ if (!bool_value) { -+ g_set_error (error, 0, 0, "(rightxauthserver=yes) should be specified for %s openswan connection", -+ OPENSWAN_PLUGIN_NAME); -+ g_object_unref (connection); -+ return NULL; -+ } -+ } -+ -+ /* mode cfg server mode */ -+ if (import_file_lookup_bool (import, "conn", "rightmodecfgserver", &bool_value)) { -+ if (!bool_value) { -+ g_set_error (error, 0, 0, "(rightmodecfgserver=yes) should be specified for %s openswan connection", -+ OPENSWAN_PLUGIN_NAME); -+ g_object_unref (connection); -+ return NULL; -+ } -+ } -+ -+ /* network manager type connection*/ -+ if (import_file_lookup_bool (import, "conn", "nm_configured", &bool_value)) { -+ if (!bool_value) { -+ g_set_error (error, 0, 0, "(nm_configured=yes) should be specified for %s openswan connection", -+ OPENSWAN_PLUGIN_NAME); -+ g_object_unref (connection); -+ return NULL; -+ } -+ } -+ -+ /* IKE algorithms*/ -+ if (import_file_lookup_string (import, "conn", "ike", &buf)) { -+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_IKE, buf); -+ } -+ -+ /* ESP algorithms*/ -+ if (import_file_lookup_string (import, "conn", "esp", &buf)) { -+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_ESP, buf); -+ } -+ -+ -+ /* Connection name */ -+ /*if (import_file_lookup_string (import, "main", "Description", &buf)) -+ g_object_set (s_con, NM_SETTING_CONNECTION_ID, buf, NULL);*/ -+ -+ g_hash_table_destroy (import); -+ -+ return connection; -+} -+ -+static gboolean -+export_to_file (NMVpnPluginUiInterface *iface, -+ const char *path, -+ NMConnection *connection, -+ GError **error) -+{ -+ -+ NMSettingConnection *s_con; -+ NMSettingVPN *s_vpn; -+ FILE *f; -+ const char *value=NULL; -+ const char *default_username=NULL; -+ const char *groupname=NULL; -+ const char *gateway=NULL; -+ const char *phase1_alg_str=NULL; -+ const char *phase2_alg_str=NULL; -+ gboolean success = FALSE; -+ -+ s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); -+ s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN); -+ -+ f = fopen (path, "w"); -+ if (!f) { -+ g_set_error (error, 0, 0, "could not open file for writing"); -+ return FALSE; -+ } -+ -+ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_RIGHT); -+ if (value && strlen (value)) -+ gateway = value; -+ else { -+ g_set_error (error, 0, 0, "Openswan connection is missing gateway"); -+ goto done; -+ } -+ -+ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_LEFTID); -+ if (value && strlen (value)) -+ groupname = value; -+ else { -+ g_set_error (error, 0, 0, "Openswan connection is missing group name"); -+ goto done; -+ } -+ -+ default_username = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_LEFTXAUTHUSER); -+ if ( !default_username || !strlen(default_username)) { -+ default_username = nm_setting_vpn_get_user_name (s_vpn); -+ } -+ -+ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_IKE); -+ if(value && strlen (value)) { -+ phase1_alg_str=value; -+ } -+ -+ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_ESP); -+ if(value && strlen (value)) { -+ phase2_alg_str=value; -+ } -+ -+ fprintf(f, -+ "conn %s\n" -+ " aggrmode=yes\n" -+ " authby=secret\n" -+ " left=%%defaultroute\n" -+ " leftid=@%s\n" -+ " leftxauthclient=yes\n" -+ " leftmodecfgclient=yes\n" -+ " leftxauthusername=%s\n" -+ " right=%s\n" -+ " remote_peer_type=cisco\n" -+ " rightxauthserver=yes\n" -+ " rightmodecfgserver=yes\n" -+ " nm_configured=yes\n" -+ " rekey=no\n" -+ " salifetime=24h\n" -+ " ikelifetime=24h\n" -+ " keyingtries=1\n" -+ " ike=%s\n" -+ " esp=%s\n" -+ " auto=add\n", -+ nm_setting_connection_get_id (s_con), -+ groupname ? groupname: "", -+ default_username ? default_username : "", -+ gateway ? gateway : "", -+ phase1_alg_str ? phase1_alg_str : "aes-sha1", -+ phase2_alg_str ? phase2_alg_str : "aes-sha1;modp1024"); -+ -+ success = TRUE; -+done: -+ fclose (f); -+ return success; -+ -+} -+ - static NMVpnPluginUiWidgetInterface * - ui_factory (NMVpnPluginUiInterface *iface, NMConnection *connection, GError **error) - { -@@ -757,8 +1103,8 @@ openswan_plugin_ui_interface_init (NMVpn - /* interface implementation */ - iface_class->ui_factory = ui_factory; - iface_class->get_capabilities = get_capabilities; -- iface_class->import_from_file = NULL; -- iface_class->export_to_file = NULL; -+ iface_class->import_from_file = import_from_file; -+ iface_class->export_to_file = export_to_file; - iface_class->get_suggested_name = NULL; - } - -diff -urNp NetworkManager-openswan-0.9.3.995-patched/src/nm-openswan-service.c NetworkManager-openswan-0.9.3.995-current/src/nm-openswan-service.c ---- NetworkManager-openswan-0.9.3.995-patched/src/nm-openswan-service.c 2012-03-08 13:19:14.506858601 -0500 -+++ NetworkManager-openswan-0.9.3.995-current/src/nm-openswan-service.c 2012-03-08 13:21:56.012816653 -0500 -@@ -575,6 +575,10 @@ nm_openswan_config_write (gint openswan_ - } - - write_config_option (fdtmp1, " nm_configured=yes\n"); -+ write_config_option (fdtmp1, " rekey=yes\n"); -+ write_config_option (fdtmp1, " salifetime=24h\n"); -+ write_config_option (fdtmp1, " ikelifetime=24h\n"); -+ write_config_option (fdtmp1, " keyingtries=1\n"); - //write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH); - write_config_option (fdtmp1, " auto=add\n"); - //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_VPN_SETTING_NAME)); -diff -urNp NetworkManager-openswan-0.9.3.995-patched/src/nm-openswan-service-helper.c NetworkManager-openswan-0.9.3.995-current/src/nm-openswan-service-helper.c ---- NetworkManager-openswan-0.9.3.995-patched/src/nm-openswan-service-helper.c 2012-03-08 13:19:14.506858601 -0500 -+++ NetworkManager-openswan-0.9.3.995-current/src/nm-openswan-service-helper.c 2012-03-09 11:56:33.731311772 -0500 -@@ -71,6 +71,34 @@ helper_failed (DBusGConnection *connecti - } - - static void -+helper_disconnect (DBusGConnection *connection, const char *reason) -+{ -+ DBusGProxy *proxy; -+ GError *err = NULL; -+ -+ g_warning ("nm-openswan-service-helper received %s from openswan", reason); -+ -+ proxy = dbus_g_proxy_new_for_name (connection, -+ NM_DBUS_SERVICE_OPENSWAN, -+ NM_VPN_DBUS_PLUGIN_PATH, -+ NM_VPN_DBUS_PLUGIN_INTERFACE); -+ -+ dbus_g_proxy_call (proxy, "Disconnect", &err, -+ G_TYPE_INVALID, G_TYPE_INVALID, -+ G_TYPE_INVALID, -+ G_TYPE_INVALID); -+ -+ if (err) { -+ g_warning ("Could not send failure information: %s", err->message); -+ g_error_free (err); -+ } -+ -+ g_object_unref (proxy); -+ -+ exit (1); -+} -+ -+static void - send_ip4_config (DBusGConnection *connection, GHashTable *config) - { - DBusGProxy *proxy; -@@ -215,16 +243,19 @@ main (int argc, char *argv[]) - * don't proceed unless its "connect". - */ - tmp = getenv ("openswan_reason"); -- if (tmp && strcmp (tmp, "connect") != 0) -- exit (0); -+ if (tmp == NULL || ( strcmp (tmp, "connect") != 0 && strcmp (tmp, "disconnect") != 0)) -+ exit (0); - -- - connection = dbus_g_bus_get (DBUS_BUS_SYSTEM, &err); - if (!connection) { - g_warning ("Could not get the system bus: %s", err->message); - exit (1); - } - -+ if( strcmp (tmp, "disconnect") == 0 ) { -+ helper_disconnect (connection, "disconnect"); -+ } -+ - config = g_hash_table_new (g_str_hash, g_str_equal); - - diff --git a/sources b/sources index c728c43..1e85c40 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ -0a7393fc3bc9e7c3ca48a4f0a352c4fe NetworkManager-openswan-0.9.3.995.git20120302.tar.bz2 +70281754557a11eef344ecbc7f88b4ce NetworkManager-openswan-0.9.8.0.sha256sum +6a373868f85ac3b7c953f7fd6c76e637 NetworkManager-openswan-0.9.8.0.tar.xz From 08f137fc1113b3a85c99a3e89a920c3a088d8a31 Mon Sep 17 00:00:00 2001 From: Avesh Agarwal Date: Tue, 10 Dec 2013 17:51:36 -0500 Subject: [PATCH 25/37] New upstream release 0.9.8.4 - Fixed 926225 - Fixed dependency to libreswan. - Created a new sub package NetworkManager-openswan-gnome - Various other spec file fixes. - Additional code changes are as follows: - Fixed an issue where proper network stack is not loaded unless _stackmanager is run before starting pluto daemon service. - Fixed the termination operation of pluto daemon to comply with libreswan changes. - Fixed various debug messages. - Fixed initiation of pluto daemon by this plugin to reflect the changes in libreaswan. - Fixed defaults values for more parameters to help the VPN connection stay more reliable. - Rewrote pluto watch API which watches the pluto process for its status. Fixed memory leak issues as not all child processes were reaped correctly. Also g_spwan_close_pid was not being called after children were reaped. Also modified debugs and added more to help with debugging in the future. - Fixed an issue where nm-openswan service is searching for ipsec binary in both /sbin and /usr/sbin leading to same operation twice, as /sbin is just symlink to /usr/sbin, so removed /sbin from the search paths. - Fixed some libreswan related macro changes. - Fixed netmask issue when sending IP information to the nm openswan plugin service. - Fixed the current code as it does not set the default route field NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT when sending VPN information to nm-openswan plugin. This fix sets the field to TRUE. - Fixed some issues found by coverity scan. - Fixed an issue where writing configuration on stdin should not end with \n as it gives error. It used to work previously, but not with latest NetworkManager versions. - libreswan related fixes, as some macros have been modified after forking to libreswan from openswan. - openswan/libreswan does not provide tun0 interface, so fixed the code where it sends tun0 interface. - Fix prcoessing of nm-openswan-dialog.ui file and added more error notifications. - Fixed dead code based on coverity scan. - Fixed gnomekeyring lib dependencies. - Fixed Networkmanager and related lib dependencies. - Fixed gtk label max width issue by setting it to 35. - NM-openswan was missing support for nm-openswan-auth-dialog.desktop.in.in. So added a new nm-openswan-auth-dialog.desktop.in.in, and modified related Makefile and configure.ac files. --- .gitignore | 2 + ...missing-support-for-nm-openswan-auth.patch | 67 +++++++ ...-max-width-issue-by-setting-it-to-35.patch | 33 ++++ ...manager-and-related-lib-dependencies.patch | 31 ++++ ...-Fixed-gnomekeyring-lib-dependencies.patch | 34 ++++ ...xed-dead-code-based-on-coverity-scan.patch | 145 +++++++++++++++ ...f-nm-openswan-dialog.ui-file-and-add.patch | 59 ++++++ ...an-does-not-provide-tun0-interface-s.patch | 98 ++++++++++ ...d-fixes-as-some-macros-have-been-mod.patch | 52 ++++++ ...here-writing-configuration-on-stdin-.patch | 28 +++ 0010-Fixed-more-coverity-scan-issues.patch | 175 ++++++++++++++++++ ...t-code-as-it-does-not-set-the-defaul.patch | 55 ++++++ ...sue-when-sending-IP-information-to-t.patch | 36 ++++ ...Fixed-more-libreswan-related-changes.patch | 68 +++++++ ...here-nm-openswan-service-is-searchin.patch | 27 +++ ...tch-API-which-watches-the-pluto-proc.patch | 131 +++++++++++++ ...alues-for-more-parameters-to-help-th.patch | 28 +++ ...-of-pluto-daemon-by-this-plugin-to-r.patch | 50 +++++ 0018-Fixed-various-debug-messages.patch | 103 +++++++++++ ...ation-operation-of-pluto-daemon-to-c.patch | 44 +++++ ...here-proper-network-stack-is-not-loa.patch | 39 ++++ NetworkManager-openswan.spec | 141 ++++++++++++-- sources | 4 +- 23 files changed, 1437 insertions(+), 13 deletions(-) create mode 100644 0001-NM-openswan-was-missing-support-for-nm-openswan-auth.patch create mode 100644 0002-Fixed-gtk-label-max-width-issue-by-setting-it-to-35.patch create mode 100644 0003-Fixed-Networkmanager-and-related-lib-dependencies.patch create mode 100644 0004-Fixed-gnomekeyring-lib-dependencies.patch create mode 100644 0005-Fixed-dead-code-based-on-coverity-scan.patch create mode 100644 0006-Fix-prcoessing-of-nm-openswan-dialog.ui-file-and-add.patch create mode 100644 0007-openswan-libreswan-does-not-provide-tun0-interface-s.patch create mode 100644 0008-libreswan-related-fixes-as-some-macros-have-been-mod.patch create mode 100644 0009-Fixed-an-issue-where-writing-configuration-on-stdin-.patch create mode 100644 0010-Fixed-more-coverity-scan-issues.patch create mode 100644 0011-Fixed-the-current-code-as-it-does-not-set-the-defaul.patch create mode 100644 0012-Fixed-netmask-issue-when-sending-IP-information-to-t.patch create mode 100644 0013-Fixed-more-libreswan-related-changes.patch create mode 100644 0014-Fixed-an-issue-where-nm-openswan-service-is-searchin.patch create mode 100644 0015-Rewrite-pluto-watch-API-which-watches-the-pluto-proc.patch create mode 100644 0016-Fixed-defaults-values-for-more-parameters-to-help-th.patch create mode 100644 0017-Fixed-initiation-of-pluto-daemon-by-this-plugin-to-r.patch create mode 100644 0018-Fixed-various-debug-messages.patch create mode 100644 0019-Fixed-the-termination-operation-of-pluto-daemon-to-c.patch create mode 100644 0020-Fixed-an-issue-where-proper-network-stack-is-not-loa.patch diff --git a/.gitignore b/.gitignore index 6f4e6a5..ae1f9c7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ NetworkManager-openswan-0.8.tar.gz /NetworkManager-openswan-0.9.8.0.sha256sum /NetworkManager-openswan-0.9.8.0.tar.xz +/NetworkManager-openswan-0.9.8.4.sha256sum +/NetworkManager-openswan-0.9.8.4.tar.xz diff --git a/0001-NM-openswan-was-missing-support-for-nm-openswan-auth.patch b/0001-NM-openswan-was-missing-support-for-nm-openswan-auth.patch new file mode 100644 index 0000000..e745bde --- /dev/null +++ b/0001-NM-openswan-was-missing-support-for-nm-openswan-auth.patch @@ -0,0 +1,67 @@ +From ce807219123614d8496b29b591b8147dc190db54 Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 13:38:23 -0500 +Subject: [PATCH 01/20] NM-openswan was missing support for + nm-openswan-auth-dialog.desktop.in.in. So added a new + nm-openswan-auth-dialog.desktop.in.in, and modified related Makefile and + configure.ac files. + +--- + auth-dialog/Makefile.am | 15 ++++++++++++++- + auth-dialog/nm-openswan-auth-dialog.desktop.in.in | 7 +++++++ + configure.ac | 1 + + 3 files changed, 22 insertions(+), 1 deletion(-) + create mode 100644 auth-dialog/nm-openswan-auth-dialog.desktop.in.in + +diff --git a/auth-dialog/Makefile.am b/auth-dialog/Makefile.am +index 4b5a01d..d1e8711 100644 +--- a/auth-dialog/Makefile.am ++++ b/auth-dialog/Makefile.am +@@ -22,5 +22,18 @@ nm_openswan_auth_dialog_LDADD = \ + $(GTK_LIBS) \ + $(GNOMEKEYRING_LIBS) + +-CLEANFILES = *~ ++@INTLTOOL_DESKTOP_RULE@ ++desktopdir = $(datadir)/applications ++desktop_in_in_files = nm-openswan-auth-dialog.desktop.in.in ++desktop_in_files = nm-openswan-auth-dialog.desktop.in ++desktop_DATA = $(desktop_in_files:.desktop.in=.desktop) + ++EXTRA_DIST = \ ++ $(desktop_in_in_files) ++ ++CLEANFILES = \ ++ *~ \ ++ $(desktop_DATA) ++ ++DISTCLEANFILES = \ ++ $(desktop_in_files) +diff --git a/auth-dialog/nm-openswan-auth-dialog.desktop.in.in b/auth-dialog/nm-openswan-auth-dialog.desktop.in.in +new file mode 100644 +index 0000000..9c91b6b +--- /dev/null ++++ b/auth-dialog/nm-openswan-auth-dialog.desktop.in.in +@@ -0,0 +1,7 @@ ++[Desktop Entry] ++_Name=Network ++_Comment=Request VPN authentication ++Exec=@LIBEXECDIR@/nm-openswan-auth-dialog ++Terminal=false ++Type=Application ++NoDisplay=true +diff --git a/configure.ac b/configure.ac +index b214ef7..10af655 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -114,6 +114,7 @@ AC_CONFIG_FILES([ + Makefile + src/Makefile + auth-dialog/Makefile ++auth-dialog/nm-openswan-auth-dialog.desktop.in + properties/Makefile + po/Makefile.in + ]) +-- +1.8.3.1 + diff --git a/0002-Fixed-gtk-label-max-width-issue-by-setting-it-to-35.patch b/0002-Fixed-gtk-label-max-width-issue-by-setting-it-to-35.patch new file mode 100644 index 0000000..8cc7230 --- /dev/null +++ b/0002-Fixed-gtk-label-max-width-issue-by-setting-it-to-35.patch @@ -0,0 +1,33 @@ +From fc10d570b9291e687e4b1dfbfcf8c5c8f5f38f02 Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 13:39:57 -0500 +Subject: [PATCH 02/20] Fixed gtk label max width issue by setting it to 35. + +--- + auth-dialog/vpn-password-dialog.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/auth-dialog/vpn-password-dialog.c b/auth-dialog/vpn-password-dialog.c +index 9fa2509..685e17e 100644 +--- a/auth-dialog/vpn-password-dialog.c ++++ b/auth-dialog/vpn-password-dialog.c +@@ -29,6 +29,8 @@ + #include + #include + ++#include "src/nm-openswan-service.h" ++ + G_DEFINE_TYPE (VpnPasswordDialog, vpn_password_dialog, GTK_TYPE_DIALOG) + + #define VPN_PASSWORD_DIALOG_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), \ +@@ -278,6 +280,7 @@ vpn_password_dialog_new (const char *title, + message_label = GTK_LABEL (gtk_label_new (message)); + gtk_label_set_justify (message_label, GTK_JUSTIFY_LEFT); + gtk_label_set_line_wrap (message_label, TRUE); ++ gtk_label_set_max_width_chars (message_label, 35); + gtk_size_group_add_widget (priv->group, GTK_WIDGET (message_label)); + gtk_box_pack_start (GTK_BOX (main_vbox), GTK_WIDGET (message_label), FALSE, FALSE, 0); + gtk_size_group_add_widget (priv->group, priv->table_alignment); +-- +1.8.3.1 + diff --git a/0003-Fixed-Networkmanager-and-related-lib-dependencies.patch b/0003-Fixed-Networkmanager-and-related-lib-dependencies.patch new file mode 100644 index 0000000..0cc7ecc --- /dev/null +++ b/0003-Fixed-Networkmanager-and-related-lib-dependencies.patch @@ -0,0 +1,31 @@ +From d39ea5f4a0d3048c5109550833ce8af743540a0e Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 13:41:36 -0500 +Subject: [PATCH 03/20] Fixed Networkmanager and related lib dependencies. + +--- + configure.ac | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 10af655..27e2242 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -66,10 +66,10 @@ AC_SUBST(DBUS_CFLAGS) + AC_SUBST(DBUS_LIBS) + + PKG_CHECK_MODULES(NM, +- NetworkManager >= 0.9.6 +- libnm-util >= 0.9.6 +- libnm-glib >= 0.9.6 +- libnm-glib-vpn >= 0.9.6) ++ NetworkManager >= 0.9.8 ++ libnm-util >= 0.9.8 ++ libnm-glib >= 0.9.8 ++ libnm-glib-vpn >= 0.9.8) + AC_SUBST(NM_CFLAGS) + AC_SUBST(NM_LIBS) + +-- +1.8.3.1 + diff --git a/0004-Fixed-gnomekeyring-lib-dependencies.patch b/0004-Fixed-gnomekeyring-lib-dependencies.patch new file mode 100644 index 0000000..160d39c --- /dev/null +++ b/0004-Fixed-gnomekeyring-lib-dependencies.patch @@ -0,0 +1,34 @@ +From 41fd9ad25736659b3a465630bca7da294b1204e5 Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 13:42:50 -0500 +Subject: [PATCH 04/20] Fixed gnomekeyring lib dependencies. + +--- + properties/Makefile.am | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/properties/Makefile.am b/properties/Makefile.am +index f599e21..abbf208 100644 +--- a/properties/Makefile.am ++++ b/properties/Makefile.am +@@ -12,6 +12,7 @@ ui_DATA = nm-openswan-dialog.ui + + libnm_openswan_properties_la_CPPFLAGS = \ + $(GTK_CFLAGS) \ ++ $(GNOMEKEYRING_CFLAGS) \ + $(NM_CFLAGS) \ + -DICONDIR=\""$(datadir)/pixmaps"\" \ + -DUIDIR=\""$(uidir)"\" \ +@@ -22,7 +23,8 @@ libnm_openswan_properties_la_CPPFLAGS = \ + + libnm_openswan_properties_la_LIBADD = \ + $(GTK_LIBS) \ +- $(NM_LIBS) ++ $(NM_LIBS) \ ++ $(GNOMEKEYRING_LIBS) + + libnm_openswan_properties_la_LDFLAGS = \ + -avoid-version +-- +1.8.3.1 + diff --git a/0005-Fixed-dead-code-based-on-coverity-scan.patch b/0005-Fixed-dead-code-based-on-coverity-scan.patch new file mode 100644 index 0000000..18fa120 --- /dev/null +++ b/0005-Fixed-dead-code-based-on-coverity-scan.patch @@ -0,0 +1,145 @@ +From ff5dfb0a75d4312ddc923dff637ad180266ff923 Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 13:44:24 -0500 +Subject: [PATCH 05/20] Fixed dead code based on coverity scan. + +--- + properties/nm-openswan.c | 94 ++++++++++++++++-------------------------------- + 1 file changed, 31 insertions(+), 63 deletions(-) + +diff --git a/properties/nm-openswan.c b/properties/nm-openswan.c +index 75acedd..c13de36 100644 +--- a/properties/nm-openswan.c ++++ b/properties/nm-openswan.c +@@ -158,6 +158,36 @@ stuff_changed_cb (GtkWidget *widget, gpointer user_data) + } + + static void ++setup_password_widget (OpenswanPluginUiWidget *self, ++ const char *entry_name, ++ NMSettingVPN *s_vpn, ++ const char *secret_name, ++ gboolean new_connection) ++{ ++ OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); ++ NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE; ++ GtkWidget *widget; ++ const char *value; ++ ++ if (new_connection) ++ secret_flags = NM_SETTING_SECRET_FLAG_AGENT_OWNED; ++ ++ widget = (GtkWidget *) gtk_builder_get_object (priv->builder, entry_name); ++ g_assert (widget); ++ gtk_size_group_add_widget (priv->group, widget); ++ ++ if (s_vpn) { ++ value = nm_setting_vpn_get_secret (s_vpn, secret_name); ++ gtk_entry_set_text (GTK_ENTRY (widget), value ? value : ""); ++ nm_setting_get_secret_flags (NM_SETTING (s_vpn), secret_name, &secret_flags, NULL); ++ } ++ secret_flags &= ~(NM_SETTING_SECRET_FLAG_NOT_SAVED | NM_SETTING_SECRET_FLAG_NOT_REQUIRED); ++ g_object_set_data (G_OBJECT (widget), "flags", GUINT_TO_POINTER (secret_flags)); ++ ++ g_signal_connect (widget, "changed", G_CALLBACK (stuff_changed_cb), self); ++} ++ ++static void + show_toggled_cb (GtkCheckButton *button, OpenswanPluginUiWidget *self) + { + OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); +@@ -301,35 +331,6 @@ init_one_pw_combo (OpenswanPluginUiWidget *self, + g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (pw_type_combo_changed_cb), self); + } + +-static void +-setup_password_widget (OpenswanPluginUiWidget *self, +- const char *entry_name, +- NMSettingVPN *s_vpn, +- const char *secret_name, +- gboolean new_connection) +-{ +- OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); +- NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE; +- GtkWidget *widget; +- const char *value; +- +- if (new_connection) +- secret_flags = NM_SETTING_SECRET_FLAG_AGENT_OWNED; +- +- widget = (GtkWidget *) gtk_builder_get_object (priv->builder, entry_name); +- g_assert (widget); +- gtk_size_group_add_widget (priv->group, widget); +- +- if (s_vpn) { +- value = nm_setting_vpn_get_secret (s_vpn, secret_name); +- gtk_entry_set_text (GTK_ENTRY (widget), value ? value : ""); +- nm_setting_get_secret_flags (NM_SETTING (s_vpn), secret_name, &secret_flags, NULL); +- } +- secret_flags &= ~(NM_SETTING_SECRET_FLAG_NOT_SAVED | NM_SETTING_SECRET_FLAG_NOT_REQUIRED); +- g_object_set_data (G_OBJECT (widget), "flags", GUINT_TO_POINTER (secret_flags)); +- +- g_signal_connect (widget, "changed", G_CALLBACK (stuff_changed_cb), self); +-} + + static gboolean + init_plugin_ui (OpenswanPluginUiWidget *self, +@@ -338,7 +339,7 @@ init_plugin_ui (OpenswanPluginUiWidget *self, + GError **error) + { + OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); +- NMSettingVPN *s_vpn; ++ NMSettingVPN *s_vpn = NULL; + GtkWidget *widget; + const char *value = NULL; + +@@ -435,24 +436,6 @@ init_plugin_ui (OpenswanPluginUiWidget *self, + } + g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); + +- /*widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "disable_dpd_checkbutton")); +- g_return_val_if_fail (widget != NULL, FALSE); +- if (s_vpn) { +- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT); +- if (value) { +- long int tmp; +- +- errno = 0; +- tmp = strtol (value, NULL, 10); +- if (tmp >= 0 && tmp <= G_MAXUINT32 && errno == 0) +- priv->orig_dpd_timeout = (guint32) tmp; +- +- if (priv->orig_dpd_timeout == 0) +- gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); +- } +- } +- g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self);*/ +- + widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "show_passwords_checkbutton")); + g_return_val_if_fail (widget != NULL, FALSE); + g_signal_connect (G_OBJECT (widget), "toggled", +@@ -563,21 +546,6 @@ update_connection (NMVpnPluginUiWidgetInterface *iface, + if (str && strlen (str)) + nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DOMAIN, str); + +- //widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "disable_dpd_checkbutton")); +- //if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) { +- // nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, "0"); +- //} else { +- /* If DPD was disabled and now the user wishes to enable it, just +- * don't pass the DPD_IDLE_TIMEOUT option to openswan and thus use the +- * default DPD idle time. Otherwise keep the original DPD idle timeout. +- */ +- // if (priv->orig_dpd_timeout >= 10) { +- // char *tmp = g_strdup_printf ("%d", priv->orig_dpd_timeout); +- // nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, tmp); +- // g_free (tmp); +- // } +- //} +- + save_one_password (s_vpn, + priv->builder, + "user_password_entry", +-- +1.8.3.1 + diff --git a/0006-Fix-prcoessing-of-nm-openswan-dialog.ui-file-and-add.patch b/0006-Fix-prcoessing-of-nm-openswan-dialog.ui-file-and-add.patch new file mode 100644 index 0000000..5ac53d5 --- /dev/null +++ b/0006-Fix-prcoessing-of-nm-openswan-dialog.ui-file-and-add.patch @@ -0,0 +1,59 @@ +From bc55d220fe7fe7b377aa21d1e2c153d54716e4ec Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 13:50:05 -0500 +Subject: [PATCH 06/20] Fix prcoessing of nm-openswan-dialog.ui file and added + more error notifications. + +--- + properties/nm-openswan.c | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +diff --git a/properties/nm-openswan.c b/properties/nm-openswan.c +index c13de36..e164e85 100644 +--- a/properties/nm-openswan.c ++++ b/properties/nm-openswan.c +@@ -462,7 +462,7 @@ save_one_password (NMSettingVPN *s_vpn, + const char *secret_key, + const char *type_key) + { +- NMSettingSecretFlags flags; ++ NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE; + const char *data_val = NULL, *password; + GtkWidget *entry, *combo; + +@@ -577,6 +577,7 @@ nm_vpn_plugin_ui_widget_interface_new (NMConnection *connection, GError **error) + { + NMVpnPluginUiWidgetInterface *object; + OpenswanPluginUiWidgetPrivate *priv; ++ char *ui_file; + NMSettingVPN *s_vpn; + gboolean is_new = TRUE; + +@@ -591,15 +592,23 @@ nm_vpn_plugin_ui_widget_interface_new (NMConnection *connection, GError **error) + + priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (object); + ++ ui_file = g_strdup_printf ("%s/%s", UIDIR, "nm-openswan-dialog.ui"); + priv->builder = gtk_builder_new (); + g_assert (priv->builder); + + gtk_builder_set_translation_domain (priv->builder, GETTEXT_PACKAGE); + +- if (gtk_builder_add_from_file (priv->builder, UIDIR "/nm-openswan-dialog.ui", error) == 0) { ++ if (!gtk_builder_add_from_file (priv->builder, ui_file, error)) { ++ g_warning ("Couldn't load builder file: %s", ++ error && *error ? (*error)->message : "(unknown)"); ++ g_clear_error (error); ++ g_set_error (error, OPENSWAN_PLUGIN_UI_ERROR, 0, ++ "could not load required resources at %s", ui_file); ++ g_free (ui_file); + g_object_unref (object); + return NULL; + } ++ g_free (ui_file); + + priv->widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "openswan-vbox")); + if (!priv->widget) { +-- +1.8.3.1 + diff --git a/0007-openswan-libreswan-does-not-provide-tun0-interface-s.patch b/0007-openswan-libreswan-does-not-provide-tun0-interface-s.patch new file mode 100644 index 0000000..d1f6ad5 --- /dev/null +++ b/0007-openswan-libreswan-does-not-provide-tun0-interface-s.patch @@ -0,0 +1,98 @@ +From db46fa8f456b7b21ad259ffab4a5b4e51e8c5809 Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 13:58:50 -0500 +Subject: [PATCH 07/20] openswan/libreswan does not provide tun0 interface, so + fixed the code where it sends tun0 interface. + +--- + src/nm-openswan-service-helper.c | 26 ++++++++++++++++++++------ + src/nm-openswan-service.h | 4 ++++ + 2 files changed, 24 insertions(+), 6 deletions(-) + +diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c +index d0b4e19..35cd9d9 100644 +--- a/src/nm-openswan-service-helper.c ++++ b/src/nm-openswan-service-helper.c +@@ -202,12 +202,13 @@ int + main (int argc, char *argv[]) + { + DBusGConnection *connection; +- char *tmp; ++ char *tmp=NULL; + GHashTable *config; + GValue *val; + GError *err = NULL; +- //struct in_addr temp_addr; ++ struct in_addr temp_addr; + //long int mtu = 1412; ++ char nmask[16]="255.255.255.255"; + + #if !GLIB_CHECK_VERSION (2, 35, 0) + g_type_init (); +@@ -237,13 +238,25 @@ main (int argc, char *argv[]) + else + helper_failed (connection, "Openswan Pluto Right Peer (VPN Gateway)"); + ++ ++ /* ++ * Tunnel device ++ * Indicate that openswan plugin doesn't use tun/tap device ++ */ ++ val = g_slice_new0 (GValue); ++ g_value_init (val, G_TYPE_STRING); ++ g_value_set_string (val, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV_NONE); ++ g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val); ++ ++#if 0 + /* Tunnel device */ + //val = str_to_gvalue (getenv ("TUNDEV"), FALSE); +- val = str_to_gvalue ("tun0", FALSE); ++ //val = str_to_gvalue ("tun0", FALSE); + if (val) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val); + else + helper_failed (connection, "Tunnel Device"); ++#endif + + /* IP address */ + val = addr_to_gvalue (getenv ("PLUTO_MY_SOURCEIP")); +@@ -258,9 +271,10 @@ main (int argc, char *argv[]) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PTP, val); + else + helper_failed (connection, "IP4 PTP Address"); +-#if 0 ++//#if 0 + /* Netmask */ +- tmp = getenv ("INTERNAL_IP4_NETMASK"); ++ //tmp = getenv ("INTERNAL_IP4_NETMASK"); ++ tmp = nmask; + if (tmp && inet_pton (AF_INET, tmp, &temp_addr) > 0) { + GValue *value; + +@@ -270,7 +284,7 @@ main (int argc, char *argv[]) + + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, value); + } +-#endif ++//#endif + + /* DNS */ + val = addr_list_to_gvalue (getenv ("PLUTO_CISCO_DNS_INFO")); +diff --git a/src/nm-openswan-service.h b/src/nm-openswan-service.h +index cd79b43..0b6022d 100644 +--- a/src/nm-openswan-service.h ++++ b/src/nm-openswan-service.h +@@ -54,6 +54,10 @@ + #define NM_OPENSWAN_PW_TYPE_ASK "ask" + #define NM_OPENSWAN_PW_TYPE_UNUSED "unused" + ++#ifndef NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV_NONE ++#define NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV_NONE "_none_" ++#endif ++ + typedef struct { + NMVPNPlugin parent; + } NMOPENSWANPlugin; +-- +1.8.3.1 + diff --git a/0008-libreswan-related-fixes-as-some-macros-have-been-mod.patch b/0008-libreswan-related-fixes-as-some-macros-have-been-mod.patch new file mode 100644 index 0000000..035f61d --- /dev/null +++ b/0008-libreswan-related-fixes-as-some-macros-have-been-mod.patch @@ -0,0 +1,52 @@ +From 571c3af579c5753b82aab522486b6af45b27d7d8 Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 14:01:00 -0500 +Subject: [PATCH 08/20] libreswan related fixes, as some macros have been + modified after forking to libreswan from openswan. + +--- + src/nm-openswan-service-helper.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c +index 35cd9d9..07bc576 100644 +--- a/src/nm-openswan-service-helper.c ++++ b/src/nm-openswan-service-helper.c +@@ -210,6 +210,7 @@ main (int argc, char *argv[]) + //long int mtu = 1412; + char nmask[16]="255.255.255.255"; + ++ + #if !GLIB_CHECK_VERSION (2, 35, 0) + g_type_init (); + #endif +@@ -217,7 +218,7 @@ main (int argc, char *argv[]) + /* openswan gives us a "reason" code. If we are given one, + * don't proceed unless its "connect". + */ +- tmp = getenv ("openswan_reason"); ++ tmp = getenv ("libreswan_reason"); + if (tmp && strcmp (tmp, "connect") != 0) + exit (0); + +@@ -287,7 +288,7 @@ main (int argc, char *argv[]) + //#endif + + /* DNS */ +- val = addr_list_to_gvalue (getenv ("PLUTO_CISCO_DNS_INFO")); ++ val = addr_list_to_gvalue (getenv ("PLUTO_PEER_DNS_INFO")); + if (val) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DNS, val); + +@@ -299,7 +300,7 @@ main (int argc, char *argv[]) + #endif + + /* Default domain */ +- val = str_to_gvalue (getenv ("PLUTO_CISCO_DOMAIN_INFO"), TRUE); ++ val = str_to_gvalue (getenv ("PLUTO_PEER_DOMAIN_INFO"), TRUE); + if (val) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DOMAIN, val); + +-- +1.8.3.1 + diff --git a/0009-Fixed-an-issue-where-writing-configuration-on-stdin-.patch b/0009-Fixed-an-issue-where-writing-configuration-on-stdin-.patch new file mode 100644 index 0000000..a3cd52c --- /dev/null +++ b/0009-Fixed-an-issue-where-writing-configuration-on-stdin-.patch @@ -0,0 +1,28 @@ +From 85774a1cd6f94e1d23ad0403bc912d4671503434 Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 14:05:06 -0500 +Subject: [PATCH 09/20] Fixed an issue where writing configuration on stdin + should not end with \n as it gives error. It used to work previously, but not + with latest NetworkManager versions. + +--- + src/nm-openswan-service.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c +index ec0553c..f9bea3d 100644 +--- a/src/nm-openswan-service.c ++++ b/src/nm-openswan-service.c +@@ -577,7 +577,8 @@ nm_openswan_config_write (gint openswan_fd, NMSettingVPN *s_vpn, + + write_config_option (fdtmp1, " nm_configured=yes\n"); + //write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH); +- write_config_option (fdtmp1, " auto=add\n"); ++ //write_config_option (fdtmp1, " auto=add\n"); ++ write_config_option (fdtmp1, " auto=add"); + //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_VPN_SETTING_NAME)); + //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_NAME)); + } +-- +1.8.3.1 + diff --git a/0010-Fixed-more-coverity-scan-issues.patch b/0010-Fixed-more-coverity-scan-issues.patch new file mode 100644 index 0000000..ecc7413 --- /dev/null +++ b/0010-Fixed-more-coverity-scan-issues.patch @@ -0,0 +1,175 @@ +From 0cae80518c6329f1575bf46b615123a5e034515a Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 14:33:38 -0500 +Subject: [PATCH 10/20] Fixed more coverity scan issues. + +--- + src/Makefile.am | 3 --- + src/nm-openswan-service-helper.c | 21 ------------------- + src/nm-openswan-service.c | 44 ---------------------------------------- + 3 files changed, 68 deletions(-) + +diff --git a/src/Makefile.am b/src/Makefile.am +index 12ce851..4f3e316 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -21,17 +21,14 @@ nm_openswan_service_SOURCES = \ + nm-openswan-service.c \ + nm-openswan-service.h + +- + nm_openswan_service_LDADD = \ + $(DBUS_LIBS) \ + $(GTHREAD_LIBS) \ + $(NM_LIBS) + +- + nm_openswan_service_helper_SOURCES = \ + nm-openswan-service-helper.c + +- + nm_openswan_service_helper_LDADD = \ + $(DBUS_LIBS) \ + $(GTHREAD_LIBS) \ +diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c +index 07bc576..e148b26 100644 +--- a/src/nm-openswan-service-helper.c ++++ b/src/nm-openswan-service-helper.c +@@ -207,7 +207,6 @@ main (int argc, char *argv[]) + GValue *val; + GError *err = NULL; + struct in_addr temp_addr; +- //long int mtu = 1412; + char nmask[16]="255.255.255.255"; + + +@@ -292,12 +291,6 @@ main (int argc, char *argv[]) + if (val) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DNS, val); + +-#if 0 +- /* WINS servers */ +- val = addr_list_to_gvalue (getenv ("INTERNAL_IP4_NBNS")); +- if (val) +- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_NBNS, val); +-#endif + + /* Default domain */ + val = str_to_gvalue (getenv ("PLUTO_PEER_DOMAIN_INFO"), TRUE); +@@ -309,20 +302,6 @@ main (int argc, char *argv[]) + if (val) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_BANNER, val); + +-#if 0 +- /* MTU */ +- tmp = getenv ("INTERNAL_IP4_MTU"); +- if (tmp && strlen (tmp)) { +- errno = 0; +- mtu = strtol (tmp, NULL, 10); +- if (errno || mtu < 0 || mtu > 20000) { +- g_warning ("Ignoring invalid tunnel MTU '%s'", tmp); +- mtu = 1412; +- } +- } +- val = uint_to_gvalue ((guint32) mtu); +- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_MTU, val); +-#endif + + /* Send the config info to nm-openswan-service */ + send_ip4_config (connection, config); +diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c +index f9bea3d..64792a6 100644 +--- a/src/nm-openswan-service.c ++++ b/src/nm-openswan-service.c +@@ -308,11 +308,7 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) + g_ptr_array_add (openswan_argv, (gpointer) "--add"); + g_ptr_array_add (openswan_argv, (gpointer) "--config"); + g_ptr_array_add (openswan_argv, (gpointer) "-"); +- //g_ptr_array_add (openswan_argv, (gpointer) "--up"); +- //g_ptr_array_add (openswan_argv, (gpointer) "--name"); + g_ptr_array_add (openswan_argv, (gpointer) "nm-conn1"); +- //g_ptr_array_add (openswan_argv, (gpointer) "--xauthpass"); +- //g_ptr_array_add (openswan_argv, (gpointer) nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); + g_ptr_array_add (openswan_argv, NULL); + + if (!g_spawn_async_with_pipes (NULL, (char **) openswan_argv->pdata, NULL, +@@ -524,17 +520,11 @@ nm_openswan_config_write (gint openswan_fd, NMSettingVPN *s_vpn, + { + WriteConfigInfo *info; + const char *props_username; +- //const char *props_natt_mode; + const char *default_username; + const char *phase1_alg_str; + const char *phase2_alg_str; +- //const char *pw_type; + gint fdtmp1=-1; +- //gint conf_fd=-1; +- //gint secret_fd=-1; + +- //conf_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.conf", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); +- //secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); + + fdtmp1 = openswan_fd; + if(fdtmp1 != -1) { +@@ -576,49 +566,17 @@ nm_openswan_config_write (gint openswan_fd, NMSettingVPN *s_vpn, + } + + write_config_option (fdtmp1, " nm_configured=yes\n"); +- //write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH); +- //write_config_option (fdtmp1, " auto=add\n"); + write_config_option (fdtmp1, " auto=add"); +- //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_VPN_SETTING_NAME)); +- //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_NAME)); + } + +- //default_username = nm_setting_vpn_get_user_name (s_vpn); +- +- /* Fill username if it's not present */ +- /*props_username = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_LEFTXAUTHUSER); +- if ( default_username +- && strlen (default_username) +- && (!props_username || !strlen (props_username))) { +- write_config_option (openswan_fd, +- NM_OPENSWAN_LEFTXAUTHUSER " %s\n", +- default_username); +- }*/ +- + info = g_malloc0 (sizeof (WriteConfigInfo)); +- //info->fd = openswan_fd; +- //info->conf_fd = conf_fd; + info->conf_fd = openswan_fd; +- //info->secret_fd = secret_fd; + info->s_vpn = s_vpn; + +- /* Check for ignored user password */ +- /*pw_type = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES); +- if (pw_type && !strcmp (pw_type, NM_OPENSWAN_PW_TYPE_UNUSED)) +- info->upw_ignored = TRUE;*/ +- +- /* Check for ignored group password */ +- /*pw_type = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_PSK_INPUT_MODES); +- if (pw_type && !strcmp (pw_type, NM_OPENSWAN_PW_TYPE_UNUSED)) +- info->gpw_ignored = TRUE;*/ +- + nm_setting_vpn_foreach_data_item (s_vpn, write_one_property, info); +- //nm_setting_vpn_foreach_secret (s_vpn, write_one_property, info); + *error = info->error; +- //close(conf_fd); + close(openswan_fd); + sleep(3); +- //close(secret_fd); + g_free (info); + + return *error ? FALSE : TRUE; +@@ -807,8 +765,6 @@ real_disconnect (NMVPNPlugin *plugin, + } + g_ptr_array_free (openswan_argv, TRUE); + +- //unlink("/etc/ipsec.d/ipsec-nm-conn1.conf"); +- //unlink("/etc/ipsec.d/ipsec-nm-conn1.secrets"); + + return TRUE; + } +-- +1.8.3.1 + diff --git a/0011-Fixed-the-current-code-as-it-does-not-set-the-defaul.patch b/0011-Fixed-the-current-code-as-it-does-not-set-the-defaul.patch new file mode 100644 index 0000000..03afc9f --- /dev/null +++ b/0011-Fixed-the-current-code-as-it-does-not-set-the-defaul.patch @@ -0,0 +1,55 @@ +From 9a5e803eac0f3bd30517a4e615271f0f1d97ca02 Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 14:37:22 -0500 +Subject: [PATCH 11/20] Fixed the current code as it does not set the default + route field NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT when sending VPN + information to nm-openswan plugin. This fix sets the field to TRUE. + +--- + src/nm-openswan-service-helper.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c +index e148b26..59d79f9 100644 +--- a/src/nm-openswan-service-helper.c ++++ b/src/nm-openswan-service-helper.c +@@ -121,6 +121,17 @@ str_to_gvalue (const char *str, gboolean try_convert) + } + + static GValue * ++bool_to_gvalue (gboolean b) ++{ ++ GValue *val; ++ ++ val = g_slice_new0 (GValue); ++ g_value_init (val, G_TYPE_BOOLEAN); ++ g_value_set_boolean (val, b); ++ return val; ++} ++ ++static GValue * + uint_to_gvalue (guint32 num) + { + GValue *val; +@@ -252,6 +263,7 @@ main (int argc, char *argv[]) + /* Tunnel device */ + //val = str_to_gvalue (getenv ("TUNDEV"), FALSE); + //val = str_to_gvalue ("tun0", FALSE); ++ val = str_to_gvalue ("lo", FALSE); + if (val) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val); + else +@@ -302,6 +314,10 @@ main (int argc, char *argv[]) + if (val) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_BANNER, val); + ++ /* Routes */ ++ /* No default route*/ ++ g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT, ++ bool_to_gvalue (TRUE)); + + /* Send the config info to nm-openswan-service */ + send_ip4_config (connection, config); +-- +1.8.3.1 + diff --git a/0012-Fixed-netmask-issue-when-sending-IP-information-to-t.patch b/0012-Fixed-netmask-issue-when-sending-IP-information-to-t.patch new file mode 100644 index 0000000..468fa96 --- /dev/null +++ b/0012-Fixed-netmask-issue-when-sending-IP-information-to-t.patch @@ -0,0 +1,36 @@ +From 7917ed515f29f54847e3bf57b6b61e7097ed78e7 Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 14:38:08 -0500 +Subject: [PATCH 12/20] Fixed netmask issue when sending IP information to the + nm openswan plugin service. + +--- + src/nm-openswan-service-helper.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c +index 59d79f9..d521645 100644 +--- a/src/nm-openswan-service-helper.c ++++ b/src/nm-openswan-service-helper.c +@@ -283,9 +283,8 @@ main (int argc, char *argv[]) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PTP, val); + else + helper_failed (connection, "IP4 PTP Address"); +-//#if 0 ++ + /* Netmask */ +- //tmp = getenv ("INTERNAL_IP4_NETMASK"); + tmp = nmask; + if (tmp && inet_pton (AF_INET, tmp, &temp_addr) > 0) { + GValue *value; +@@ -296,7 +295,6 @@ main (int argc, char *argv[]) + + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, value); + } +-//#endif + + /* DNS */ + val = addr_list_to_gvalue (getenv ("PLUTO_PEER_DNS_INFO")); +-- +1.8.3.1 + diff --git a/0013-Fixed-more-libreswan-related-changes.patch b/0013-Fixed-more-libreswan-related-changes.patch new file mode 100644 index 0000000..a1ebd87 --- /dev/null +++ b/0013-Fixed-more-libreswan-related-changes.patch @@ -0,0 +1,68 @@ +From 2581ac2914b666b427a90ea400e757ef41030bdd Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 14:45:06 -0500 +Subject: [PATCH 13/20] Fixed more libreswan related changes. + +--- + src/nm-openswan-service-helper.c | 7 +++---- + src/nm-openswan-service.c | 8 ++++---- + 2 files changed, 7 insertions(+), 8 deletions(-) + +diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c +index d521645..cde7443 100644 +--- a/src/nm-openswan-service-helper.c ++++ b/src/nm-openswan-service-helper.c +@@ -204,8 +204,8 @@ addr_list_to_gvalue (const char *str) + * + * PLUTO_PEER -- vpn gateway address + * PLUTO_MY_SOURCEIP -- address +- * PLUTO_CISCO_DNS_INFO -- list of dns serverss +- * PLUTO_CISCO_DOMAIN_INFO -- default domain name ++ * PLUTO_PEER_DNS_INFO -- list of dns serverss ++ * PLUTO_PEER_DOMAIN_INFO -- default domain name + * PLUTO_PEER_BANNER -- banner from server + * + */ +@@ -247,8 +247,7 @@ main (int argc, char *argv[]) + if (val) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_GATEWAY, val); + else +- helper_failed (connection, "Openswan Pluto Right Peer (VPN Gateway)"); +- ++ helper_failed (connection, "IPsec/Pluto Right Peer (VPN Gateway)"); + + /* + * Tunnel device +diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c +index 64792a6..d59c58f 100644 +--- a/src/nm-openswan-service.c ++++ b/src/nm-openswan-service.c +@@ -860,15 +860,15 @@ main (int argc, char *argv[]) + g_option_context_parse (opt_ctx, &argc, &argv, NULL); + g_option_context_free (opt_ctx); + +- if (getenv ("OPENSWAN_DEBUG")) ++ if (getenv ("IPSEC_DEBUG")) + debug = TRUE; + + if (debug) +- g_message ("nm-openswan-service (version " DIST_VERSION ") starting..."); ++ g_printf ("nm-openswan-service (version " DIST_VERSION ") starting...\n"); + + plugin = nm_openswan_plugin_new (); + if (!plugin) +- exit (1); ++ exit (EXIT_FAILURE); + + loop = g_main_loop_new (NULL, FALSE); + +@@ -881,5 +881,5 @@ main (int argc, char *argv[]) + g_main_loop_unref (loop); + g_object_unref (plugin); + +- exit (0); ++ exit (EXIT_SUCCESS); + } +-- +1.8.3.1 + diff --git a/0014-Fixed-an-issue-where-nm-openswan-service-is-searchin.patch b/0014-Fixed-an-issue-where-nm-openswan-service-is-searchin.patch new file mode 100644 index 0000000..924e0fe --- /dev/null +++ b/0014-Fixed-an-issue-where-nm-openswan-service-is-searchin.patch @@ -0,0 +1,27 @@ +From fdd136923c77b71080f2ccb2c0fe0a5234e73c1c Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 14:47:14 -0500 +Subject: [PATCH 14/20] Fixed an issue where nm-openswan service is searching + for ipsec binary in both /sbin and /usr/sbin leading to same operation twice, + as /sbin is just symlink to /usr/sbin, so removed /sbin from the search + paths. + +--- + src/nm-openswan-service.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c +index d59c58f..7f1a9c9 100644 +--- a/src/nm-openswan-service.c ++++ b/src/nm-openswan-service.c +@@ -57,7 +57,6 @@ typedef struct { + static const char *openswan_binary_paths[] = + { + "/usr/sbin/ipsec", +- "/sbin/ipsec", + "/usr/local/sbin/ipsec", + NULL + }; +-- +1.8.3.1 + diff --git a/0015-Rewrite-pluto-watch-API-which-watches-the-pluto-proc.patch b/0015-Rewrite-pluto-watch-API-which-watches-the-pluto-proc.patch new file mode 100644 index 0000000..9d3df67 --- /dev/null +++ b/0015-Rewrite-pluto-watch-API-which-watches-the-pluto-proc.patch @@ -0,0 +1,131 @@ +From 24e2b36b20f2b6d42f715618e13c2919ad0fc51c Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 15:04:09 -0500 +Subject: [PATCH 15/20] Rewrite pluto watch API which watches the pluto process + for its status. Fixed memory leak issues as not all child processes were + reaped correctly. Also g_spwan_close_pid was not being called after children + were reaped. Also modified debugs and added more to help with debugging in + the future. + +--- + src/nm-openswan-service.c | 52 +++++++++++++++++++++++++++-------------------- + 1 file changed, 30 insertions(+), 22 deletions(-) + +diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c +index 7f1a9c9..b73ab1f 100644 +--- a/src/nm-openswan-service.c ++++ b/src/nm-openswan-service.c +@@ -207,30 +207,33 @@ nm_openswan_secrets_validate (NMSettingVPN *s_vpn, GError **error) + } + + static void +-openswan_watch_cb_auto (GPid pid, gint status, gpointer user_data) ++pluto_watch_cb (GPid pid, gint status, gpointer user_data) + { + NMOPENSWANPlugin *plugin = NM_OPENSWAN_PLUGIN (user_data); + NMOPENSWANPluginPrivate *priv = NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin); + guint error = 0; + ++ if(debug) ++ g_printf("pluto_watch: current child pid = %d, pluto pid=%d\n", pid, priv->pid); ++ + if (WIFEXITED (status)) { + error = WEXITSTATUS (status); + if (error != 0) +- g_warning ("openswan: ipsec auto exited with error code %d", error); ++ g_printf ("pluto_watch: pluto exited with error code %d\n", error); + } + else if (WIFSTOPPED (status)) +- g_warning ("openswan: ipsec auto stopped unexpectedly with signal %d", WSTOPSIG (status)); ++ g_printf ("pluto_watch: pluto stopped unexpectedly with signal %d\n", WSTOPSIG (status)); + else if (WIFSIGNALED (status)) +- g_warning ("openswan: ipsec auto died with signal %d", WTERMSIG (status)); ++ g_printf ("pluto_watch: pluto died with signal %d\n", WTERMSIG (status)); + else +- g_warning ("openswan: ipsec auto died from an unknown cause"); ++ g_printf ("pluto_watch: pluto died from an unknown cause\n"); + + /* Reap child if needed. */ +- //waitpid (priv->pid_auto, NULL, WNOHANG); +- //priv->pid_auto = 0; ++ waitpid (pid, NULL, WNOHANG); ++ ++ if(debug) ++ g_printf ("pluto_watch: reaped child pid =%d\n", pid); + +- waitpid (priv->pid, NULL, WNOHANG); +- priv->pid = 0; + + /* Must be after data->state is set since signals use data->state */ + switch (error) { +@@ -246,18 +249,29 @@ openswan_watch_cb_auto (GPid pid, gint status, gpointer user_data) + break; + } + +- nm_vpn_plugin_set_state (NM_VPN_PLUGIN (plugin), NM_VPN_SERVICE_STATE_STOPPED); ++ if(pid == priv->pid || error) { ++ priv->pid = 0; ++ ++ if(debug) ++ g_printf ("pluto_watch: nm pluto service is stopping\n"); ++ ++ nm_vpn_plugin_set_state (NM_VPN_PLUGIN (plugin), NM_VPN_SERVICE_STATE_STOPPED); ++ } ++ ++ if(debug) ++ g_printf ("pluto_watch: nm pluto service will continue after reaping a child\n"); ++ ++ /*closing pid*/ ++ g_spawn_close_pid(pid); + } + + + static gint +-//nm_openswan_start_openswan_binary (NMSettingVPN *s_vpn, NMOPENSWANPlugin *plugin, GError **error) + nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) + { + GPid pid, pid_auto; + const char **openswan_binary = NULL; + GPtrArray *openswan_argv; +- GSource *openswan_watch; + gint stdin_fd; + + /* Find openswan ipsec */ +@@ -293,11 +307,8 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) + + g_message ("openswan: ipsec started with pid %d", pid); + +- NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid = pid; +- openswan_watch = g_child_watch_source_new (pid); +- g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL); +- g_source_attach (openswan_watch, NULL); +- g_source_unref (openswan_watch); ++ NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid = pid; ++ g_child_watch_add(pid, (GChildWatchFunc) pluto_watch_cb, plugin); + + sleep(2); + +@@ -322,11 +333,7 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) + + g_message ("openswan: ipsec auto started with pid %d", pid_auto); + +- /*NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto; +- openswan_watch = g_child_watch_source_new (pid_auto); +- g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL); +- g_source_attach (openswan_watch, NULL); +- g_source_unref (openswan_watch);*/ ++ g_child_watch_add(pid_auto, (GChildWatchFunc) pluto_watch_cb, plugin); + + return stdin_fd; + } +@@ -376,6 +383,7 @@ nm_openswan_start_openswan_connection (NMOPENSWANPlugin *plugin, GError **error) + g_ptr_array_free (openswan_argv, TRUE); + + sleep(3); ++ g_child_watch_add(pid, (GChildWatchFunc) pluto_watch_cb, plugin); + + g_message ("openswan: ipsec auto connection started with pid %d", pid); + +-- +1.8.3.1 + diff --git a/0016-Fixed-defaults-values-for-more-parameters-to-help-th.patch b/0016-Fixed-defaults-values-for-more-parameters-to-help-th.patch new file mode 100644 index 0000000..f3bad15 --- /dev/null +++ b/0016-Fixed-defaults-values-for-more-parameters-to-help-th.patch @@ -0,0 +1,28 @@ +From dde144e924005c3048061b4d758019a1358ac505 Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 15:05:25 -0500 +Subject: [PATCH 16/20] Fixed defaults values for more parameters to help the + VPN connection stay more reliable. + +--- + src/nm-openswan-service.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c +index b73ab1f..b807bcc 100644 +--- a/src/nm-openswan-service.c ++++ b/src/nm-openswan-service.c +@@ -573,6 +573,10 @@ nm_openswan_config_write (gint openswan_fd, NMSettingVPN *s_vpn, + } + + write_config_option (fdtmp1, " nm_configured=yes\n"); ++ write_config_option (fdtmp1, " rekey=yes\n"); ++ write_config_option (fdtmp1, " salifetime=24h\n"); ++ write_config_option (fdtmp1, " ikelifetime=24h\n"); ++ write_config_option (fdtmp1, " keyingtries=1\n"); + write_config_option (fdtmp1, " auto=add"); + } + +-- +1.8.3.1 + diff --git a/0017-Fixed-initiation-of-pluto-daemon-by-this-plugin-to-r.patch b/0017-Fixed-initiation-of-pluto-daemon-by-this-plugin-to-r.patch new file mode 100644 index 0000000..2428ce9 --- /dev/null +++ b/0017-Fixed-initiation-of-pluto-daemon-by-this-plugin-to-r.patch @@ -0,0 +1,50 @@ +From 9dadb938c40e4d56fea6c6d55f3c9b90e776fb62 Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 15:21:54 -0500 +Subject: [PATCH 17/20] Fixed initiation of pluto daemon by this plugin to + reflect the changes in libreaswan. + +--- + src/nm-openswan-service.c | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c +index b807bcc..f205c1d 100644 +--- a/src/nm-openswan-service.c ++++ b/src/nm-openswan-service.c +@@ -49,7 +49,6 @@ G_DEFINE_TYPE (NMOPENSWANPlugin, nm_openswan_plugin, NM_TYPE_VPN_PLUGIN) + + typedef struct { + GPid pid; +- GPid pid_auto; + } NMOPENSWANPluginPrivate; + + #define NM_OPENSWAN_PLUGIN_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), NM_TYPE_OPENSWAN_PLUGIN, NMOPENSWANPluginPrivate)) +@@ -291,14 +290,20 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) + return -1; + } + +- openswan_argv = g_ptr_array_new (); +- g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary)); +- g_ptr_array_add (openswan_argv, (gpointer) "setup"); ++ /*openswan_argv = g_ptr_array_new (); + g_ptr_array_add (openswan_argv, (gpointer) "start"); + g_ptr_array_add (openswan_argv, NULL); + ++ g_ptr_array_free (openswan_argv, TRUE);*/ ++ openswan_argv = g_ptr_array_new (); ++ g_ptr_array_add (openswan_argv, (gpointer) "/usr/libexec/ipsec/pluto"); ++ g_ptr_array_add (openswan_argv, (gpointer) "--config"); ++ g_ptr_array_add (openswan_argv, (gpointer) "/etc/ipsec.conf"); ++ g_ptr_array_add (openswan_argv, (gpointer) "--nofork"); ++ g_ptr_array_add (openswan_argv, NULL); ++ + if (!g_spawn_async (NULL, (char **) openswan_argv->pdata, NULL, +- 0, NULL, NULL, &pid, error)) { ++ G_SPAWN_DO_NOT_REAP_CHILD, NULL, NULL, &pid, error)) { + g_ptr_array_free (openswan_argv, TRUE); + g_warning ("openswan ipsec failed to start. error: '%s'", (*error)->message); + return -1; +-- +1.8.3.1 + diff --git a/0018-Fixed-various-debug-messages.patch b/0018-Fixed-various-debug-messages.patch new file mode 100644 index 0000000..cedde11 --- /dev/null +++ b/0018-Fixed-various-debug-messages.patch @@ -0,0 +1,103 @@ +From 9ef10efa0905b22395987d99b26b8d5cbebd03ba Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 15:23:59 -0500 +Subject: [PATCH 18/20] Fixed various debug messages. + +--- + src/nm-openswan-service.c | 25 +++++++++++++------------ + 1 file changed, 13 insertions(+), 12 deletions(-) + +diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c +index f205c1d..fffd020 100644 +--- a/src/nm-openswan-service.c ++++ b/src/nm-openswan-service.c +@@ -305,12 +305,12 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) + if (!g_spawn_async (NULL, (char **) openswan_argv->pdata, NULL, + G_SPAWN_DO_NOT_REAP_CHILD, NULL, NULL, &pid, error)) { + g_ptr_array_free (openswan_argv, TRUE); +- g_warning ("openswan ipsec failed to start. error: '%s'", (*error)->message); ++ g_printf ("pluto failed to start. error: '%s'\n", (*error)->message); + return -1; + } + g_ptr_array_free (openswan_argv, TRUE); + +- g_message ("openswan: ipsec started with pid %d", pid); ++ g_printf ("ipsec/pluto started with pid %d\n", pid); + + NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid = pid; + g_child_watch_add(pid, (GChildWatchFunc) pluto_watch_cb, plugin); +@@ -331,20 +331,19 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) + NULL, NULL, error)) { + + g_ptr_array_free (openswan_argv, TRUE); +- g_warning ("openswan: ipsec auto failed to start. error: '%s'", (*error)->message); ++ g_printf ("ipsec auto add failed with error: '%s'\n", (*error)->message); + return -1; + } + g_ptr_array_free (openswan_argv, TRUE); + +- g_message ("openswan: ipsec auto started with pid %d", pid_auto); ++ if(debug) ++ g_printf ("pluto auto started with pid %d\n", pid_auto); + + g_child_watch_add(pid_auto, (GChildWatchFunc) pluto_watch_cb, plugin); + + return stdin_fd; + } + +- +- + static gint + nm_openswan_start_openswan_connection (NMOPENSWANPlugin *plugin, GError **error) + { +@@ -382,15 +381,17 @@ nm_openswan_start_openswan_connection (NMOPENSWANPlugin *plugin, GError **error) + NULL, NULL, error)) { + + g_ptr_array_free (openswan_argv, TRUE); +- g_warning ("openswan: ipsec auto connection failed to start. error: '%s'", (*error)->message); ++ g_printf ("ipsec/pluto auto connection failed to start. error: '%s'\n", (*error)->message); + return -1; + } + g_ptr_array_free (openswan_argv, TRUE); + +- sleep(3); ++ if(debug) ++ g_printf ("pluto up started with pid %d\n", pid); ++ + g_child_watch_add(pid, (GChildWatchFunc) pluto_watch_cb, plugin); + +- g_message ("openswan: ipsec auto connection started with pid %d", pid); ++ //sleep(3); + + return stdin_fd; + } +@@ -408,7 +409,7 @@ write_config_option (int fd, const char *format, ...) + g_print ("Config: %s", string); + + if ( write (fd, string, strlen (string)) == -1) { +- g_warning ("nm-openswan: error in write_config_option"); ++ g_printf ("nm-openswan: error in write_config_option\n"); + } + + g_free (string); +@@ -521,7 +522,7 @@ write_one_property (const char *key, const char *value, gpointer user_data) + /* ignored */ + } else { + /* Just ignore unknown properties */ +- g_warning ("Don't know how to write property '%s' with type %s", ++ g_printf ("Don't know how to write property '%s' with type %s\n", + (char *) key, g_type_name (type)); + } + } +@@ -676,7 +677,7 @@ real_connect (NMVPNPlugin *plugin, + if (openswan_fd < 0) + goto out; + +- write_config_option (openswan_fd, "%s", nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); ++ write_config_option (openswan_fd, "%s", nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); + close(openswan_fd); + openswan_fd=-1; + +-- +1.8.3.1 + diff --git a/0019-Fixed-the-termination-operation-of-pluto-daemon-to-c.patch b/0019-Fixed-the-termination-operation-of-pluto-daemon-to-c.patch new file mode 100644 index 0000000..127977a --- /dev/null +++ b/0019-Fixed-the-termination-operation-of-pluto-daemon-to-c.patch @@ -0,0 +1,44 @@ +From 27c17d7d805ad87632872cf2ded5237fc59159dd Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 15:25:35 -0500 +Subject: [PATCH 19/20] Fixed the termination operation of pluto daemon to + comply with libreswan changes. + +--- + src/nm-openswan-service.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c +index fffd020..af541bd 100644 +--- a/src/nm-openswan-service.c ++++ b/src/nm-openswan-service.c +@@ -769,20 +769,21 @@ real_disconnect (NMVPNPlugin *plugin, + } + + openswan_argv = g_ptr_array_new (); +- g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary)); +- g_ptr_array_add (openswan_argv, (gpointer) "setup"); +- g_ptr_array_add (openswan_argv, (gpointer) "stop"); ++ g_ptr_array_add (openswan_argv, (gpointer) "/usr/libexec/ipsec/whack"); ++ g_ptr_array_add (openswan_argv, (gpointer) "--shutdown"); ++ //g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary)); ++ //g_ptr_array_add (openswan_argv, (gpointer) "setup"); ++ //g_ptr_array_add (openswan_argv, (gpointer) "stop"); + g_ptr_array_add (openswan_argv, NULL); + + if (!g_spawn_async (NULL, (char **) openswan_argv->pdata, NULL, + 0, NULL, NULL, NULL, error)) { + g_ptr_array_free (openswan_argv, TRUE); +- g_warning ("Openswan (pluto) failed to stop. error: '%s'", (*error)->message); ++ g_printf ("ipsec (pluto) failed to stop. error: '%s'\n", (*error)->message); + return -1; + } + g_ptr_array_free (openswan_argv, TRUE); + +- + return TRUE; + } + +-- +1.8.3.1 + diff --git a/0020-Fixed-an-issue-where-proper-network-stack-is-not-loa.patch b/0020-Fixed-an-issue-where-proper-network-stack-is-not-loa.patch new file mode 100644 index 0000000..364b6f0 --- /dev/null +++ b/0020-Fixed-an-issue-where-proper-network-stack-is-not-loa.patch @@ -0,0 +1,39 @@ +From 7559f06152549e0c457d08c67f2d3088b37c6ccf Mon Sep 17 00:00:00 2001 +From: Avesh Agarwal +Date: Tue, 10 Dec 2013 16:56:18 -0500 +Subject: [PATCH 20/20] Fixed an issue where proper network stack is not loaded + unless _stackmanager is run before starting pluto daemon service. + +--- + src/nm-openswan-service.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c +index af541bd..f6afee5 100644 +--- a/src/nm-openswan-service.c ++++ b/src/nm-openswan-service.c +@@ -290,11 +290,19 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) + return -1; + } + +- /*openswan_argv = g_ptr_array_new (); ++ openswan_argv = g_ptr_array_new (); ++ g_ptr_array_add (openswan_argv, (gpointer) "/usr/libexec/ipsec/_stackmanager"); + g_ptr_array_add (openswan_argv, (gpointer) "start"); + g_ptr_array_add (openswan_argv, NULL); + +- g_ptr_array_free (openswan_argv, TRUE);*/ ++ if (!g_spawn_sync (NULL, (char **) openswan_argv->pdata, NULL, ++ 0, NULL, NULL, NULL, NULL, NULL, error)) { ++ g_ptr_array_free (openswan_argv, TRUE); ++ g_printf ("pluto _stackmanager failed with error: '%s'\n", (*error)->message); ++ return -1; ++ } ++ g_ptr_array_free (openswan_argv, TRUE); ++ + openswan_argv = g_ptr_array_new (); + g_ptr_array_add (openswan_argv, (gpointer) "/usr/libexec/ipsec/pluto"); + g_ptr_array_add (openswan_argv, (gpointer) "--config"); +-- +1.8.3.1 + diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index 981cd60..fee2d02 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -1,19 +1,41 @@ -%define nm_version 1:0.9.2 +#%define nm_version 1:0.9.8 -%define realversion 0.9.8.0 +%define realversion 0.9.8.4 Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan -Version: 0.9.8.0 +Version: 0.9.8.4 Release: 1%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.9/ Source0: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.9/%{name}-%{realversion}.tar.xz BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) +Patch1: 0001-NM-openswan-was-missing-support-for-nm-openswan-auth.patch +Patch2: 0002-Fixed-gtk-label-max-width-issue-by-setting-it-to-35.patch +Patch3: 0003-Fixed-Networkmanager-and-related-lib-dependencies.patch +Patch4: 0004-Fixed-gnomekeyring-lib-dependencies.patch +Patch5: 0005-Fixed-dead-code-based-on-coverity-scan.patch +Patch6: 0006-Fix-prcoessing-of-nm-openswan-dialog.ui-file-and-add.patch +Patch7: 0007-openswan-libreswan-does-not-provide-tun0-interface-s.patch +Patch8: 0008-libreswan-related-fixes-as-some-macros-have-been-mod.patch +Patch9: 0009-Fixed-an-issue-where-writing-configuration-on-stdin-.patch +Patch10: 0010-Fixed-more-coverity-scan-issues.patch +Patch11: 0011-Fixed-the-current-code-as-it-does-not-set-the-defaul.patch +Patch12: 0012-Fixed-netmask-issue-when-sending-IP-information-to-t.patch +Patch13: 0013-Fixed-more-libreswan-related-changes.patch +Patch14: 0014-Fixed-an-issue-where-nm-openswan-service-is-searchin.patch +Patch15: 0015-Rewrite-pluto-watch-API-which-watches-the-pluto-proc.patch +Patch16: 0016-Fixed-defaults-values-for-more-parameters-to-help-th.patch +Patch17: 0017-Fixed-initiation-of-pluto-daemon-by-this-plugin-to-r.patch +Patch18: 0018-Fixed-various-debug-messages.patch +Patch19: 0019-Fixed-the-termination-operation-of-pluto-daemon-to-c.patch +Patch20: 0020-Fixed-an-issue-where-proper-network-stack-is-not-loa.patch BuildRequires: gtk3-devel BuildRequires: dbus-devel +BuildRequires: NetworkManager-devel +BuildRequires: NetworkManager-glib-devel BuildRequires: NetworkManager-devel >= %{nm_version} BuildRequires: NetworkManager-glib-devel >= %{nm_version} %if 0%{?fedora} > 16 || 0%{?rhel} >= 7 @@ -25,46 +47,143 @@ BuildRequires: intltool gettext Requires: NetworkManager >= %{nm_version} Requires: gnome-keyring +Requires: gtk3 +Requires: dbus +Requires: libreswan +Requires: shared-mime-info +#Requires: nm-connection-editor + +%global _privatelibs libnm-openswan-properties[.]so.* +%global __provides_exclude ^(%{_privatelibs})$ +%global __requires_exclude ^(%{_privatelibs})$ %description This package contains software for integrating the openswan VPN software with NetworkManager and the GNOME desktop +%package -n NetworkManager-openswan-gnome +Summary: NetworkManager VPN plugin for openswan - GNOME files +Group: System Environment/Base + +Requires: NetworkManager-openswan = %{version}-%{release} +Requires: nm-connection-editor + +%description -n NetworkManager-openswan-gnome +This package contains software for integrating VPN capabilities with +the openswan/libreswan server with NetworkManager (GNOME files). + %prep %setup -q -n NetworkManager-openswan-%{realversion} +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 +%patch16 -p1 +%patch17 -p1 +%patch18 -p1 +%patch19 -p1 +%patch20 -p1 %build +autoreconf %configure --disable-static --enable-more-warnings=yes make %{?_smp_mflags} %install - make install DESTDIR=$RPM_BUILD_ROOT - rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.la +rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.a +mv %{buildroot}%{_libexecdir}/nm-openswan-service-helper %{buildroot}%{_libexecdir}/nm-libreswan-service-helper %find_lang %{name} +%post +update-desktop-database &> /dev/null || : + +%postun +update-desktop-database &> /dev/null || : %clean rm -rf $RPM_BUILD_ROOT %files -f %{name}.lang %defattr(-, root, root,-) -%config /etc/NetworkManager/VPN/nm-openswan-service.name -%config /etc/dbus-1/system.d/nm-openswan-service.conf - %doc AUTHORS ChangeLog COPYING -%{_libdir}/NetworkManager/lib*.so* +#%{_libdir}/NetworkManager/lib*.so* %{_libexecdir}/nm-openswan-auth-dialog %{_sysconfdir}/dbus-1/system.d/nm-openswan-service.conf %{_sysconfdir}/NetworkManager/VPN/nm-openswan-service.name %{_libexecdir}/nm-openswan-service -%{_libexecdir}/nm-openswan-service-helper -%{_datadir}/gnome-vpn-properties/openswan/nm-openswan-dialog.ui +%{_libexecdir}/nm-libreswan-service-helper +%{_datadir}/applications/nm-openswan-auth-dialog.desktop +#%dir %{_datadir}/gnome-vpn-properties/openswan +#%{_datadir}/gnome-vpn-properties/openswan/nm-openswan-dialog.ui + +%files -n NetworkManager-openswan-gnome +%doc AUTHORS ChangeLog COPYING +%{_libdir}/NetworkManager/lib*.so* %dir %{_datadir}/gnome-vpn-properties/openswan +%{_datadir}/gnome-vpn-properties/openswan/nm-openswan-dialog.ui + %changelog +* Tue Dec 10 2013 Avesh Agarwal - 0.9.8.4-1 +- New upstream release 0.9.8.4 +- Fixed 926225 +- Fixed dependency to libreswan. +- Created a new sub package NetworkManager-openswan-gnome +- Various other spec file fixes. +- Additional code changes are as follows: +- Fixed an issue where proper network stack is not loaded unless + _stackmanager is run before starting pluto daemon service. +- Fixed the termination operation of pluto daemon to comply with + libreswan changes. +- Fixed various debug messages. +- Fixed initiation of pluto daemon by this plugin to reflect the + changes in libreaswan. +- Fixed defaults values for more parameters to help the VPN + connection stay more reliable. +- Rewrote pluto watch API which watches the pluto process for its status. + Fixed memory leak issues as not all child processes were reaped correctly. + Also g_spwan_close_pid was not being called after children were reaped. + Also modified debugs and added more to help with debugging in the future. +- Fixed an issue where nm-openswan service is searching for ipsec binary in + both /sbin and /usr/sbin leading to same operation twice, as /sbin is just + symlink to /usr/sbin, so removed /sbin from the search paths. +- Fixed some libreswan related macro changes. +- Fixed netmask issue when sending IP information to the nm openswan + plugin service. +- Fixed the current code as it does not set the default route field + NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT when sending VPN information + to nm-openswan plugin. This fix sets the field to TRUE. +- Fixed some issues found by coverity scan. +- Fixed an issue where writing configuration on stdin should not end with + \n as it gives error. It used to work previously, but not with latest + NetworkManager versions. +- libreswan related fixes, as some macros have been modified after forking + to libreswan from openswan. +- openswan/libreswan does not provide tun0 interface, so fixed the code + where it sends tun0 interface. +- Fix prcoessing of nm-openswan-dialog.ui file and added more error notifications. +- Fixed dead code based on coverity scan. +- Fixed gnomekeyring lib dependencies. +- Fixed Networkmanager and related lib dependencies. +- Fixed gtk label max width issue by setting it to 35. +- NM-openswan was missing support for nm-openswan-auth-dialog.desktop.in.in. + So added a new nm-openswan-auth-dialog.desktop.in.in, and modified related + Makefile and configure.ac files. + * Mon Aug 5 2013 Avesh Agarwal - 0.9.8.0-1 - Rebase to latest upstream version 0.9.8.0 - Fixed several issues with the packaging diff --git a/sources b/sources index 1e85c40..5ae9be8 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -70281754557a11eef344ecbc7f88b4ce NetworkManager-openswan-0.9.8.0.sha256sum -6a373868f85ac3b7c953f7fd6c76e637 NetworkManager-openswan-0.9.8.0.tar.xz +4aafa86d4203bb2b51c93165db165086 NetworkManager-openswan-0.9.8.4.sha256sum +6cb2b64bc79c4174856613d077667b66 NetworkManager-openswan-0.9.8.4.tar.xz From 2d9f8889555e0d2378bc123a35bfbed27d7250b8 Mon Sep 17 00:00:00 2001 From: Avesh Agarwal Date: Thu, 12 Dec 2013 15:01:25 -0500 Subject: [PATCH 26/37] Fixes 1035786 (and its duplicate 1040924) --- NetworkManager-openswan.spec | 7 ++++++- nm-openswan-1035786-1040924.patch | 30 ++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 nm-openswan-1035786-1040924.patch diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index fee2d02..2199e9e 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -5,7 +5,7 @@ Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan Version: 0.9.8.4 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.9/ @@ -31,6 +31,7 @@ Patch17: 0017-Fixed-initiation-of-pluto-daemon-by-this-plugin-to-r.patch Patch18: 0018-Fixed-various-debug-messages.patch Patch19: 0019-Fixed-the-termination-operation-of-pluto-daemon-to-c.patch Patch20: 0020-Fixed-an-issue-where-proper-network-stack-is-not-loa.patch +Patch21: nm-openswan-1035786-1040924.patch BuildRequires: gtk3-devel BuildRequires: dbus-devel @@ -94,6 +95,7 @@ the openswan/libreswan server with NetworkManager (GNOME files). %patch18 -p1 %patch19 -p1 %patch20 -p1 +%patch21 -p1 %build autoreconf @@ -138,6 +140,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Thu Dec 12 2013 Avesh Agarwal - 0.9.8.4-2 +- Fixes 1035786 (and its duplicate 1040924) + * Tue Dec 10 2013 Avesh Agarwal - 0.9.8.4-1 - New upstream release 0.9.8.4 - Fixed 926225 diff --git a/nm-openswan-1035786-1040924.patch b/nm-openswan-1035786-1040924.patch new file mode 100644 index 0000000..6e45e51 --- /dev/null +++ b/nm-openswan-1035786-1040924.patch @@ -0,0 +1,30 @@ +commit 044bd7593961389f24b1fdab7849f86da9f96246 +Author: Avesh Agarwal +Date: Thu Dec 12 14:55:26 2013 -0500 + + Fixes for rhbz#1035786 (and its duplicate: rhbz#1040924). + The patch is from here: + https://bug720319.bugzilla-attachments.gnome.org/attachment.cgi?id=264063 + Just did minor modifcation. + +diff --git a/properties/nm-openswan.c b/properties/nm-openswan.c +index e164e85..7bb1413 100644 +--- a/properties/nm-openswan.c ++++ b/properties/nm-openswan.c +@@ -580,6 +580,7 @@ nm_vpn_plugin_ui_widget_interface_new (NMConnection *connection, GError **error) + char *ui_file; + NMSettingVPN *s_vpn; + gboolean is_new = TRUE; ++ const char *object_ids[] = { "openswan-vbox", "model1", "model2", NULL }; + + if (error) + g_return_val_if_fail (*error == NULL, NULL); +@@ -598,7 +599,7 @@ nm_vpn_plugin_ui_widget_interface_new (NMConnection *connection, GError **error) + + gtk_builder_set_translation_domain (priv->builder, GETTEXT_PACKAGE); + +- if (!gtk_builder_add_from_file (priv->builder, ui_file, error)) { ++ if (!gtk_builder_add_objects_from_file (priv->builder, ui_file, object_ids, error)) { + g_warning ("Couldn't load builder file: %s", + error && *error ? (*error)->message : "(unknown)"); + g_clear_error (error); From acaffacbb52a1dc3c59e5af42fad6cbde1cd4ac1 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Fri, 6 Jun 2014 17:53:56 -0500 Subject: [PATCH 27/37] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild --- NetworkManager-openswan.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index 2199e9e..5ca6429 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -5,7 +5,7 @@ Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan Version: 0.9.8.4 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.9/ @@ -140,6 +140,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Fri Jun 06 2014 Fedora Release Engineering - 0.9.8.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + * Thu Dec 12 2013 Avesh Agarwal - 0.9.8.4-2 - Fixes 1035786 (and its duplicate 1040924) From b56d3c8681fbf69a70ed3a8892886d576ac8b2cc Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Fri, 15 Aug 2014 18:50:57 +0000 Subject: [PATCH 28/37] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild --- NetworkManager-openswan.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index 5ca6429..14714e3 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -5,7 +5,7 @@ Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan Version: 0.9.8.4 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.9/ @@ -140,6 +140,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Fri Aug 15 2014 Fedora Release Engineering - 0.9.8.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + * Fri Jun 06 2014 Fedora Release Engineering - 0.9.8.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild From 60cd718fafdfff92ef863728b83322e137fb9096 Mon Sep 17 00:00:00 2001 From: Dan Williams Date: Mon, 22 Dec 2014 14:57:35 -0600 Subject: [PATCH 29/37] Update to 1.0 --- .gitignore | 1 + ...missing-support-for-nm-openswan-auth.patch | 67 ------- ...-max-width-issue-by-setting-it-to-35.patch | 33 ---- ...manager-and-related-lib-dependencies.patch | 31 ---- ...-Fixed-gnomekeyring-lib-dependencies.patch | 34 ---- ...xed-dead-code-based-on-coverity-scan.patch | 145 --------------- ...f-nm-openswan-dialog.ui-file-and-add.patch | 59 ------ ...an-does-not-provide-tun0-interface-s.patch | 98 ---------- ...d-fixes-as-some-macros-have-been-mod.patch | 52 ------ ...here-writing-configuration-on-stdin-.patch | 28 --- 0010-Fixed-more-coverity-scan-issues.patch | 175 ------------------ ...t-code-as-it-does-not-set-the-defaul.patch | 55 ------ ...sue-when-sending-IP-information-to-t.patch | 36 ---- ...Fixed-more-libreswan-related-changes.patch | 68 ------- ...here-nm-openswan-service-is-searchin.patch | 27 --- ...tch-API-which-watches-the-pluto-proc.patch | 131 ------------- ...alues-for-more-parameters-to-help-th.patch | 28 --- ...-of-pluto-daemon-by-this-plugin-to-r.patch | 50 ----- 0018-Fixed-various-debug-messages.patch | 103 ----------- ...ation-operation-of-pluto-daemon-to-c.patch | 44 ----- ...here-proper-network-stack-is-not-loa.patch | 39 ---- NetworkManager-openswan.spec | 78 ++------ nm-openswan-1035786-1040924.patch | 30 --- sources | 3 +- 24 files changed, 18 insertions(+), 1397 deletions(-) delete mode 100644 0001-NM-openswan-was-missing-support-for-nm-openswan-auth.patch delete mode 100644 0002-Fixed-gtk-label-max-width-issue-by-setting-it-to-35.patch delete mode 100644 0003-Fixed-Networkmanager-and-related-lib-dependencies.patch delete mode 100644 0004-Fixed-gnomekeyring-lib-dependencies.patch delete mode 100644 0005-Fixed-dead-code-based-on-coverity-scan.patch delete mode 100644 0006-Fix-prcoessing-of-nm-openswan-dialog.ui-file-and-add.patch delete mode 100644 0007-openswan-libreswan-does-not-provide-tun0-interface-s.patch delete mode 100644 0008-libreswan-related-fixes-as-some-macros-have-been-mod.patch delete mode 100644 0009-Fixed-an-issue-where-writing-configuration-on-stdin-.patch delete mode 100644 0010-Fixed-more-coverity-scan-issues.patch delete mode 100644 0011-Fixed-the-current-code-as-it-does-not-set-the-defaul.patch delete mode 100644 0012-Fixed-netmask-issue-when-sending-IP-information-to-t.patch delete mode 100644 0013-Fixed-more-libreswan-related-changes.patch delete mode 100644 0014-Fixed-an-issue-where-nm-openswan-service-is-searchin.patch delete mode 100644 0015-Rewrite-pluto-watch-API-which-watches-the-pluto-proc.patch delete mode 100644 0016-Fixed-defaults-values-for-more-parameters-to-help-th.patch delete mode 100644 0017-Fixed-initiation-of-pluto-daemon-by-this-plugin-to-r.patch delete mode 100644 0018-Fixed-various-debug-messages.patch delete mode 100644 0019-Fixed-the-termination-operation-of-pluto-daemon-to-c.patch delete mode 100644 0020-Fixed-an-issue-where-proper-network-stack-is-not-loa.patch delete mode 100644 nm-openswan-1035786-1040924.patch diff --git a/.gitignore b/.gitignore index ae1f9c7..65e5de7 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ NetworkManager-openswan-0.8.tar.gz /NetworkManager-openswan-0.9.8.0.tar.xz /NetworkManager-openswan-0.9.8.4.sha256sum /NetworkManager-openswan-0.9.8.4.tar.xz +/NetworkManager-openswan-1.0.0.tar.xz diff --git a/0001-NM-openswan-was-missing-support-for-nm-openswan-auth.patch b/0001-NM-openswan-was-missing-support-for-nm-openswan-auth.patch deleted file mode 100644 index e745bde..0000000 --- a/0001-NM-openswan-was-missing-support-for-nm-openswan-auth.patch +++ /dev/null @@ -1,67 +0,0 @@ -From ce807219123614d8496b29b591b8147dc190db54 Mon Sep 17 00:00:00 2001 -From: Avesh Agarwal -Date: Tue, 10 Dec 2013 13:38:23 -0500 -Subject: [PATCH 01/20] NM-openswan was missing support for - nm-openswan-auth-dialog.desktop.in.in. So added a new - nm-openswan-auth-dialog.desktop.in.in, and modified related Makefile and - configure.ac files. - ---- - auth-dialog/Makefile.am | 15 ++++++++++++++- - auth-dialog/nm-openswan-auth-dialog.desktop.in.in | 7 +++++++ - configure.ac | 1 + - 3 files changed, 22 insertions(+), 1 deletion(-) - create mode 100644 auth-dialog/nm-openswan-auth-dialog.desktop.in.in - -diff --git a/auth-dialog/Makefile.am b/auth-dialog/Makefile.am -index 4b5a01d..d1e8711 100644 ---- a/auth-dialog/Makefile.am -+++ b/auth-dialog/Makefile.am -@@ -22,5 +22,18 @@ nm_openswan_auth_dialog_LDADD = \ - $(GTK_LIBS) \ - $(GNOMEKEYRING_LIBS) - --CLEANFILES = *~ -+@INTLTOOL_DESKTOP_RULE@ -+desktopdir = $(datadir)/applications -+desktop_in_in_files = nm-openswan-auth-dialog.desktop.in.in -+desktop_in_files = nm-openswan-auth-dialog.desktop.in -+desktop_DATA = $(desktop_in_files:.desktop.in=.desktop) - -+EXTRA_DIST = \ -+ $(desktop_in_in_files) -+ -+CLEANFILES = \ -+ *~ \ -+ $(desktop_DATA) -+ -+DISTCLEANFILES = \ -+ $(desktop_in_files) -diff --git a/auth-dialog/nm-openswan-auth-dialog.desktop.in.in b/auth-dialog/nm-openswan-auth-dialog.desktop.in.in -new file mode 100644 -index 0000000..9c91b6b ---- /dev/null -+++ b/auth-dialog/nm-openswan-auth-dialog.desktop.in.in -@@ -0,0 +1,7 @@ -+[Desktop Entry] -+_Name=Network -+_Comment=Request VPN authentication -+Exec=@LIBEXECDIR@/nm-openswan-auth-dialog -+Terminal=false -+Type=Application -+NoDisplay=true -diff --git a/configure.ac b/configure.ac -index b214ef7..10af655 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -114,6 +114,7 @@ AC_CONFIG_FILES([ - Makefile - src/Makefile - auth-dialog/Makefile -+auth-dialog/nm-openswan-auth-dialog.desktop.in - properties/Makefile - po/Makefile.in - ]) --- -1.8.3.1 - diff --git a/0002-Fixed-gtk-label-max-width-issue-by-setting-it-to-35.patch b/0002-Fixed-gtk-label-max-width-issue-by-setting-it-to-35.patch deleted file mode 100644 index 8cc7230..0000000 --- a/0002-Fixed-gtk-label-max-width-issue-by-setting-it-to-35.patch +++ /dev/null @@ -1,33 +0,0 @@ -From fc10d570b9291e687e4b1dfbfcf8c5c8f5f38f02 Mon Sep 17 00:00:00 2001 -From: Avesh Agarwal -Date: Tue, 10 Dec 2013 13:39:57 -0500 -Subject: [PATCH 02/20] Fixed gtk label max width issue by setting it to 35. - ---- - auth-dialog/vpn-password-dialog.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/auth-dialog/vpn-password-dialog.c b/auth-dialog/vpn-password-dialog.c -index 9fa2509..685e17e 100644 ---- a/auth-dialog/vpn-password-dialog.c -+++ b/auth-dialog/vpn-password-dialog.c -@@ -29,6 +29,8 @@ - #include - #include - -+#include "src/nm-openswan-service.h" -+ - G_DEFINE_TYPE (VpnPasswordDialog, vpn_password_dialog, GTK_TYPE_DIALOG) - - #define VPN_PASSWORD_DIALOG_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), \ -@@ -278,6 +280,7 @@ vpn_password_dialog_new (const char *title, - message_label = GTK_LABEL (gtk_label_new (message)); - gtk_label_set_justify (message_label, GTK_JUSTIFY_LEFT); - gtk_label_set_line_wrap (message_label, TRUE); -+ gtk_label_set_max_width_chars (message_label, 35); - gtk_size_group_add_widget (priv->group, GTK_WIDGET (message_label)); - gtk_box_pack_start (GTK_BOX (main_vbox), GTK_WIDGET (message_label), FALSE, FALSE, 0); - gtk_size_group_add_widget (priv->group, priv->table_alignment); --- -1.8.3.1 - diff --git a/0003-Fixed-Networkmanager-and-related-lib-dependencies.patch b/0003-Fixed-Networkmanager-and-related-lib-dependencies.patch deleted file mode 100644 index 0cc7ecc..0000000 --- a/0003-Fixed-Networkmanager-and-related-lib-dependencies.patch +++ /dev/null @@ -1,31 +0,0 @@ -From d39ea5f4a0d3048c5109550833ce8af743540a0e Mon Sep 17 00:00:00 2001 -From: Avesh Agarwal -Date: Tue, 10 Dec 2013 13:41:36 -0500 -Subject: [PATCH 03/20] Fixed Networkmanager and related lib dependencies. - ---- - configure.ac | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 10af655..27e2242 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -66,10 +66,10 @@ AC_SUBST(DBUS_CFLAGS) - AC_SUBST(DBUS_LIBS) - - PKG_CHECK_MODULES(NM, -- NetworkManager >= 0.9.6 -- libnm-util >= 0.9.6 -- libnm-glib >= 0.9.6 -- libnm-glib-vpn >= 0.9.6) -+ NetworkManager >= 0.9.8 -+ libnm-util >= 0.9.8 -+ libnm-glib >= 0.9.8 -+ libnm-glib-vpn >= 0.9.8) - AC_SUBST(NM_CFLAGS) - AC_SUBST(NM_LIBS) - --- -1.8.3.1 - diff --git a/0004-Fixed-gnomekeyring-lib-dependencies.patch b/0004-Fixed-gnomekeyring-lib-dependencies.patch deleted file mode 100644 index 160d39c..0000000 --- a/0004-Fixed-gnomekeyring-lib-dependencies.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 41fd9ad25736659b3a465630bca7da294b1204e5 Mon Sep 17 00:00:00 2001 -From: Avesh Agarwal -Date: Tue, 10 Dec 2013 13:42:50 -0500 -Subject: [PATCH 04/20] Fixed gnomekeyring lib dependencies. - ---- - properties/Makefile.am | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/properties/Makefile.am b/properties/Makefile.am -index f599e21..abbf208 100644 ---- a/properties/Makefile.am -+++ b/properties/Makefile.am -@@ -12,6 +12,7 @@ ui_DATA = nm-openswan-dialog.ui - - libnm_openswan_properties_la_CPPFLAGS = \ - $(GTK_CFLAGS) \ -+ $(GNOMEKEYRING_CFLAGS) \ - $(NM_CFLAGS) \ - -DICONDIR=\""$(datadir)/pixmaps"\" \ - -DUIDIR=\""$(uidir)"\" \ -@@ -22,7 +23,8 @@ libnm_openswan_properties_la_CPPFLAGS = \ - - libnm_openswan_properties_la_LIBADD = \ - $(GTK_LIBS) \ -- $(NM_LIBS) -+ $(NM_LIBS) \ -+ $(GNOMEKEYRING_LIBS) - - libnm_openswan_properties_la_LDFLAGS = \ - -avoid-version --- -1.8.3.1 - diff --git a/0005-Fixed-dead-code-based-on-coverity-scan.patch b/0005-Fixed-dead-code-based-on-coverity-scan.patch deleted file mode 100644 index 18fa120..0000000 --- a/0005-Fixed-dead-code-based-on-coverity-scan.patch +++ /dev/null @@ -1,145 +0,0 @@ -From ff5dfb0a75d4312ddc923dff637ad180266ff923 Mon Sep 17 00:00:00 2001 -From: Avesh Agarwal -Date: Tue, 10 Dec 2013 13:44:24 -0500 -Subject: [PATCH 05/20] Fixed dead code based on coverity scan. - ---- - properties/nm-openswan.c | 94 ++++++++++++++++-------------------------------- - 1 file changed, 31 insertions(+), 63 deletions(-) - -diff --git a/properties/nm-openswan.c b/properties/nm-openswan.c -index 75acedd..c13de36 100644 ---- a/properties/nm-openswan.c -+++ b/properties/nm-openswan.c -@@ -158,6 +158,36 @@ stuff_changed_cb (GtkWidget *widget, gpointer user_data) - } - - static void -+setup_password_widget (OpenswanPluginUiWidget *self, -+ const char *entry_name, -+ NMSettingVPN *s_vpn, -+ const char *secret_name, -+ gboolean new_connection) -+{ -+ OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); -+ NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE; -+ GtkWidget *widget; -+ const char *value; -+ -+ if (new_connection) -+ secret_flags = NM_SETTING_SECRET_FLAG_AGENT_OWNED; -+ -+ widget = (GtkWidget *) gtk_builder_get_object (priv->builder, entry_name); -+ g_assert (widget); -+ gtk_size_group_add_widget (priv->group, widget); -+ -+ if (s_vpn) { -+ value = nm_setting_vpn_get_secret (s_vpn, secret_name); -+ gtk_entry_set_text (GTK_ENTRY (widget), value ? value : ""); -+ nm_setting_get_secret_flags (NM_SETTING (s_vpn), secret_name, &secret_flags, NULL); -+ } -+ secret_flags &= ~(NM_SETTING_SECRET_FLAG_NOT_SAVED | NM_SETTING_SECRET_FLAG_NOT_REQUIRED); -+ g_object_set_data (G_OBJECT (widget), "flags", GUINT_TO_POINTER (secret_flags)); -+ -+ g_signal_connect (widget, "changed", G_CALLBACK (stuff_changed_cb), self); -+} -+ -+static void - show_toggled_cb (GtkCheckButton *button, OpenswanPluginUiWidget *self) - { - OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); -@@ -301,35 +331,6 @@ init_one_pw_combo (OpenswanPluginUiWidget *self, - g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (pw_type_combo_changed_cb), self); - } - --static void --setup_password_widget (OpenswanPluginUiWidget *self, -- const char *entry_name, -- NMSettingVPN *s_vpn, -- const char *secret_name, -- gboolean new_connection) --{ -- OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); -- NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE; -- GtkWidget *widget; -- const char *value; -- -- if (new_connection) -- secret_flags = NM_SETTING_SECRET_FLAG_AGENT_OWNED; -- -- widget = (GtkWidget *) gtk_builder_get_object (priv->builder, entry_name); -- g_assert (widget); -- gtk_size_group_add_widget (priv->group, widget); -- -- if (s_vpn) { -- value = nm_setting_vpn_get_secret (s_vpn, secret_name); -- gtk_entry_set_text (GTK_ENTRY (widget), value ? value : ""); -- nm_setting_get_secret_flags (NM_SETTING (s_vpn), secret_name, &secret_flags, NULL); -- } -- secret_flags &= ~(NM_SETTING_SECRET_FLAG_NOT_SAVED | NM_SETTING_SECRET_FLAG_NOT_REQUIRED); -- g_object_set_data (G_OBJECT (widget), "flags", GUINT_TO_POINTER (secret_flags)); -- -- g_signal_connect (widget, "changed", G_CALLBACK (stuff_changed_cb), self); --} - - static gboolean - init_plugin_ui (OpenswanPluginUiWidget *self, -@@ -338,7 +339,7 @@ init_plugin_ui (OpenswanPluginUiWidget *self, - GError **error) - { - OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); -- NMSettingVPN *s_vpn; -+ NMSettingVPN *s_vpn = NULL; - GtkWidget *widget; - const char *value = NULL; - -@@ -435,24 +436,6 @@ init_plugin_ui (OpenswanPluginUiWidget *self, - } - g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); - -- /*widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "disable_dpd_checkbutton")); -- g_return_val_if_fail (widget != NULL, FALSE); -- if (s_vpn) { -- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT); -- if (value) { -- long int tmp; -- -- errno = 0; -- tmp = strtol (value, NULL, 10); -- if (tmp >= 0 && tmp <= G_MAXUINT32 && errno == 0) -- priv->orig_dpd_timeout = (guint32) tmp; -- -- if (priv->orig_dpd_timeout == 0) -- gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); -- } -- } -- g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self);*/ -- - widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "show_passwords_checkbutton")); - g_return_val_if_fail (widget != NULL, FALSE); - g_signal_connect (G_OBJECT (widget), "toggled", -@@ -563,21 +546,6 @@ update_connection (NMVpnPluginUiWidgetInterface *iface, - if (str && strlen (str)) - nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DOMAIN, str); - -- //widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "disable_dpd_checkbutton")); -- //if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) { -- // nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, "0"); -- //} else { -- /* If DPD was disabled and now the user wishes to enable it, just -- * don't pass the DPD_IDLE_TIMEOUT option to openswan and thus use the -- * default DPD idle time. Otherwise keep the original DPD idle timeout. -- */ -- // if (priv->orig_dpd_timeout >= 10) { -- // char *tmp = g_strdup_printf ("%d", priv->orig_dpd_timeout); -- // nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, tmp); -- // g_free (tmp); -- // } -- //} -- - save_one_password (s_vpn, - priv->builder, - "user_password_entry", --- -1.8.3.1 - diff --git a/0006-Fix-prcoessing-of-nm-openswan-dialog.ui-file-and-add.patch b/0006-Fix-prcoessing-of-nm-openswan-dialog.ui-file-and-add.patch deleted file mode 100644 index 5ac53d5..0000000 --- a/0006-Fix-prcoessing-of-nm-openswan-dialog.ui-file-and-add.patch +++ /dev/null @@ -1,59 +0,0 @@ -From bc55d220fe7fe7b377aa21d1e2c153d54716e4ec Mon Sep 17 00:00:00 2001 -From: Avesh Agarwal -Date: Tue, 10 Dec 2013 13:50:05 -0500 -Subject: [PATCH 06/20] Fix prcoessing of nm-openswan-dialog.ui file and added - more error notifications. - ---- - properties/nm-openswan.c | 13 +++++++++++-- - 1 file changed, 11 insertions(+), 2 deletions(-) - -diff --git a/properties/nm-openswan.c b/properties/nm-openswan.c -index c13de36..e164e85 100644 ---- a/properties/nm-openswan.c -+++ b/properties/nm-openswan.c -@@ -462,7 +462,7 @@ save_one_password (NMSettingVPN *s_vpn, - const char *secret_key, - const char *type_key) - { -- NMSettingSecretFlags flags; -+ NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE; - const char *data_val = NULL, *password; - GtkWidget *entry, *combo; - -@@ -577,6 +577,7 @@ nm_vpn_plugin_ui_widget_interface_new (NMConnection *connection, GError **error) - { - NMVpnPluginUiWidgetInterface *object; - OpenswanPluginUiWidgetPrivate *priv; -+ char *ui_file; - NMSettingVPN *s_vpn; - gboolean is_new = TRUE; - -@@ -591,15 +592,23 @@ nm_vpn_plugin_ui_widget_interface_new (NMConnection *connection, GError **error) - - priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (object); - -+ ui_file = g_strdup_printf ("%s/%s", UIDIR, "nm-openswan-dialog.ui"); - priv->builder = gtk_builder_new (); - g_assert (priv->builder); - - gtk_builder_set_translation_domain (priv->builder, GETTEXT_PACKAGE); - -- if (gtk_builder_add_from_file (priv->builder, UIDIR "/nm-openswan-dialog.ui", error) == 0) { -+ if (!gtk_builder_add_from_file (priv->builder, ui_file, error)) { -+ g_warning ("Couldn't load builder file: %s", -+ error && *error ? (*error)->message : "(unknown)"); -+ g_clear_error (error); -+ g_set_error (error, OPENSWAN_PLUGIN_UI_ERROR, 0, -+ "could not load required resources at %s", ui_file); -+ g_free (ui_file); - g_object_unref (object); - return NULL; - } -+ g_free (ui_file); - - priv->widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "openswan-vbox")); - if (!priv->widget) { --- -1.8.3.1 - diff --git a/0007-openswan-libreswan-does-not-provide-tun0-interface-s.patch b/0007-openswan-libreswan-does-not-provide-tun0-interface-s.patch deleted file mode 100644 index d1f6ad5..0000000 --- a/0007-openswan-libreswan-does-not-provide-tun0-interface-s.patch +++ /dev/null @@ -1,98 +0,0 @@ -From db46fa8f456b7b21ad259ffab4a5b4e51e8c5809 Mon Sep 17 00:00:00 2001 -From: Avesh Agarwal -Date: Tue, 10 Dec 2013 13:58:50 -0500 -Subject: [PATCH 07/20] openswan/libreswan does not provide tun0 interface, so - fixed the code where it sends tun0 interface. - ---- - src/nm-openswan-service-helper.c | 26 ++++++++++++++++++++------ - src/nm-openswan-service.h | 4 ++++ - 2 files changed, 24 insertions(+), 6 deletions(-) - -diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c -index d0b4e19..35cd9d9 100644 ---- a/src/nm-openswan-service-helper.c -+++ b/src/nm-openswan-service-helper.c -@@ -202,12 +202,13 @@ int - main (int argc, char *argv[]) - { - DBusGConnection *connection; -- char *tmp; -+ char *tmp=NULL; - GHashTable *config; - GValue *val; - GError *err = NULL; -- //struct in_addr temp_addr; -+ struct in_addr temp_addr; - //long int mtu = 1412; -+ char nmask[16]="255.255.255.255"; - - #if !GLIB_CHECK_VERSION (2, 35, 0) - g_type_init (); -@@ -237,13 +238,25 @@ main (int argc, char *argv[]) - else - helper_failed (connection, "Openswan Pluto Right Peer (VPN Gateway)"); - -+ -+ /* -+ * Tunnel device -+ * Indicate that openswan plugin doesn't use tun/tap device -+ */ -+ val = g_slice_new0 (GValue); -+ g_value_init (val, G_TYPE_STRING); -+ g_value_set_string (val, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV_NONE); -+ g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val); -+ -+#if 0 - /* Tunnel device */ - //val = str_to_gvalue (getenv ("TUNDEV"), FALSE); -- val = str_to_gvalue ("tun0", FALSE); -+ //val = str_to_gvalue ("tun0", FALSE); - if (val) - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val); - else - helper_failed (connection, "Tunnel Device"); -+#endif - - /* IP address */ - val = addr_to_gvalue (getenv ("PLUTO_MY_SOURCEIP")); -@@ -258,9 +271,10 @@ main (int argc, char *argv[]) - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PTP, val); - else - helper_failed (connection, "IP4 PTP Address"); --#if 0 -+//#if 0 - /* Netmask */ -- tmp = getenv ("INTERNAL_IP4_NETMASK"); -+ //tmp = getenv ("INTERNAL_IP4_NETMASK"); -+ tmp = nmask; - if (tmp && inet_pton (AF_INET, tmp, &temp_addr) > 0) { - GValue *value; - -@@ -270,7 +284,7 @@ main (int argc, char *argv[]) - - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, value); - } --#endif -+//#endif - - /* DNS */ - val = addr_list_to_gvalue (getenv ("PLUTO_CISCO_DNS_INFO")); -diff --git a/src/nm-openswan-service.h b/src/nm-openswan-service.h -index cd79b43..0b6022d 100644 ---- a/src/nm-openswan-service.h -+++ b/src/nm-openswan-service.h -@@ -54,6 +54,10 @@ - #define NM_OPENSWAN_PW_TYPE_ASK "ask" - #define NM_OPENSWAN_PW_TYPE_UNUSED "unused" - -+#ifndef NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV_NONE -+#define NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV_NONE "_none_" -+#endif -+ - typedef struct { - NMVPNPlugin parent; - } NMOPENSWANPlugin; --- -1.8.3.1 - diff --git a/0008-libreswan-related-fixes-as-some-macros-have-been-mod.patch b/0008-libreswan-related-fixes-as-some-macros-have-been-mod.patch deleted file mode 100644 index 035f61d..0000000 --- a/0008-libreswan-related-fixes-as-some-macros-have-been-mod.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 571c3af579c5753b82aab522486b6af45b27d7d8 Mon Sep 17 00:00:00 2001 -From: Avesh Agarwal -Date: Tue, 10 Dec 2013 14:01:00 -0500 -Subject: [PATCH 08/20] libreswan related fixes, as some macros have been - modified after forking to libreswan from openswan. - ---- - src/nm-openswan-service-helper.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c -index 35cd9d9..07bc576 100644 ---- a/src/nm-openswan-service-helper.c -+++ b/src/nm-openswan-service-helper.c -@@ -210,6 +210,7 @@ main (int argc, char *argv[]) - //long int mtu = 1412; - char nmask[16]="255.255.255.255"; - -+ - #if !GLIB_CHECK_VERSION (2, 35, 0) - g_type_init (); - #endif -@@ -217,7 +218,7 @@ main (int argc, char *argv[]) - /* openswan gives us a "reason" code. If we are given one, - * don't proceed unless its "connect". - */ -- tmp = getenv ("openswan_reason"); -+ tmp = getenv ("libreswan_reason"); - if (tmp && strcmp (tmp, "connect") != 0) - exit (0); - -@@ -287,7 +288,7 @@ main (int argc, char *argv[]) - //#endif - - /* DNS */ -- val = addr_list_to_gvalue (getenv ("PLUTO_CISCO_DNS_INFO")); -+ val = addr_list_to_gvalue (getenv ("PLUTO_PEER_DNS_INFO")); - if (val) - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DNS, val); - -@@ -299,7 +300,7 @@ main (int argc, char *argv[]) - #endif - - /* Default domain */ -- val = str_to_gvalue (getenv ("PLUTO_CISCO_DOMAIN_INFO"), TRUE); -+ val = str_to_gvalue (getenv ("PLUTO_PEER_DOMAIN_INFO"), TRUE); - if (val) - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DOMAIN, val); - --- -1.8.3.1 - diff --git a/0009-Fixed-an-issue-where-writing-configuration-on-stdin-.patch b/0009-Fixed-an-issue-where-writing-configuration-on-stdin-.patch deleted file mode 100644 index a3cd52c..0000000 --- a/0009-Fixed-an-issue-where-writing-configuration-on-stdin-.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 85774a1cd6f94e1d23ad0403bc912d4671503434 Mon Sep 17 00:00:00 2001 -From: Avesh Agarwal -Date: Tue, 10 Dec 2013 14:05:06 -0500 -Subject: [PATCH 09/20] Fixed an issue where writing configuration on stdin - should not end with \n as it gives error. It used to work previously, but not - with latest NetworkManager versions. - ---- - src/nm-openswan-service.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c -index ec0553c..f9bea3d 100644 ---- a/src/nm-openswan-service.c -+++ b/src/nm-openswan-service.c -@@ -577,7 +577,8 @@ nm_openswan_config_write (gint openswan_fd, NMSettingVPN *s_vpn, - - write_config_option (fdtmp1, " nm_configured=yes\n"); - //write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH); -- write_config_option (fdtmp1, " auto=add\n"); -+ //write_config_option (fdtmp1, " auto=add\n"); -+ write_config_option (fdtmp1, " auto=add"); - //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_VPN_SETTING_NAME)); - //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_NAME)); - } --- -1.8.3.1 - diff --git a/0010-Fixed-more-coverity-scan-issues.patch b/0010-Fixed-more-coverity-scan-issues.patch deleted file mode 100644 index ecc7413..0000000 --- a/0010-Fixed-more-coverity-scan-issues.patch +++ /dev/null @@ -1,175 +0,0 @@ -From 0cae80518c6329f1575bf46b615123a5e034515a Mon Sep 17 00:00:00 2001 -From: Avesh Agarwal -Date: Tue, 10 Dec 2013 14:33:38 -0500 -Subject: [PATCH 10/20] Fixed more coverity scan issues. - ---- - src/Makefile.am | 3 --- - src/nm-openswan-service-helper.c | 21 ------------------- - src/nm-openswan-service.c | 44 ---------------------------------------- - 3 files changed, 68 deletions(-) - -diff --git a/src/Makefile.am b/src/Makefile.am -index 12ce851..4f3e316 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -21,17 +21,14 @@ nm_openswan_service_SOURCES = \ - nm-openswan-service.c \ - nm-openswan-service.h - -- - nm_openswan_service_LDADD = \ - $(DBUS_LIBS) \ - $(GTHREAD_LIBS) \ - $(NM_LIBS) - -- - nm_openswan_service_helper_SOURCES = \ - nm-openswan-service-helper.c - -- - nm_openswan_service_helper_LDADD = \ - $(DBUS_LIBS) \ - $(GTHREAD_LIBS) \ -diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c -index 07bc576..e148b26 100644 ---- a/src/nm-openswan-service-helper.c -+++ b/src/nm-openswan-service-helper.c -@@ -207,7 +207,6 @@ main (int argc, char *argv[]) - GValue *val; - GError *err = NULL; - struct in_addr temp_addr; -- //long int mtu = 1412; - char nmask[16]="255.255.255.255"; - - -@@ -292,12 +291,6 @@ main (int argc, char *argv[]) - if (val) - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DNS, val); - --#if 0 -- /* WINS servers */ -- val = addr_list_to_gvalue (getenv ("INTERNAL_IP4_NBNS")); -- if (val) -- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_NBNS, val); --#endif - - /* Default domain */ - val = str_to_gvalue (getenv ("PLUTO_PEER_DOMAIN_INFO"), TRUE); -@@ -309,20 +302,6 @@ main (int argc, char *argv[]) - if (val) - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_BANNER, val); - --#if 0 -- /* MTU */ -- tmp = getenv ("INTERNAL_IP4_MTU"); -- if (tmp && strlen (tmp)) { -- errno = 0; -- mtu = strtol (tmp, NULL, 10); -- if (errno || mtu < 0 || mtu > 20000) { -- g_warning ("Ignoring invalid tunnel MTU '%s'", tmp); -- mtu = 1412; -- } -- } -- val = uint_to_gvalue ((guint32) mtu); -- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_MTU, val); --#endif - - /* Send the config info to nm-openswan-service */ - send_ip4_config (connection, config); -diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c -index f9bea3d..64792a6 100644 ---- a/src/nm-openswan-service.c -+++ b/src/nm-openswan-service.c -@@ -308,11 +308,7 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) - g_ptr_array_add (openswan_argv, (gpointer) "--add"); - g_ptr_array_add (openswan_argv, (gpointer) "--config"); - g_ptr_array_add (openswan_argv, (gpointer) "-"); -- //g_ptr_array_add (openswan_argv, (gpointer) "--up"); -- //g_ptr_array_add (openswan_argv, (gpointer) "--name"); - g_ptr_array_add (openswan_argv, (gpointer) "nm-conn1"); -- //g_ptr_array_add (openswan_argv, (gpointer) "--xauthpass"); -- //g_ptr_array_add (openswan_argv, (gpointer) nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); - g_ptr_array_add (openswan_argv, NULL); - - if (!g_spawn_async_with_pipes (NULL, (char **) openswan_argv->pdata, NULL, -@@ -524,17 +520,11 @@ nm_openswan_config_write (gint openswan_fd, NMSettingVPN *s_vpn, - { - WriteConfigInfo *info; - const char *props_username; -- //const char *props_natt_mode; - const char *default_username; - const char *phase1_alg_str; - const char *phase2_alg_str; -- //const char *pw_type; - gint fdtmp1=-1; -- //gint conf_fd=-1; -- //gint secret_fd=-1; - -- //conf_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.conf", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); -- //secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); - - fdtmp1 = openswan_fd; - if(fdtmp1 != -1) { -@@ -576,49 +566,17 @@ nm_openswan_config_write (gint openswan_fd, NMSettingVPN *s_vpn, - } - - write_config_option (fdtmp1, " nm_configured=yes\n"); -- //write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH); -- //write_config_option (fdtmp1, " auto=add\n"); - write_config_option (fdtmp1, " auto=add"); -- //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_VPN_SETTING_NAME)); -- //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_NAME)); - } - -- //default_username = nm_setting_vpn_get_user_name (s_vpn); -- -- /* Fill username if it's not present */ -- /*props_username = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_LEFTXAUTHUSER); -- if ( default_username -- && strlen (default_username) -- && (!props_username || !strlen (props_username))) { -- write_config_option (openswan_fd, -- NM_OPENSWAN_LEFTXAUTHUSER " %s\n", -- default_username); -- }*/ -- - info = g_malloc0 (sizeof (WriteConfigInfo)); -- //info->fd = openswan_fd; -- //info->conf_fd = conf_fd; - info->conf_fd = openswan_fd; -- //info->secret_fd = secret_fd; - info->s_vpn = s_vpn; - -- /* Check for ignored user password */ -- /*pw_type = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES); -- if (pw_type && !strcmp (pw_type, NM_OPENSWAN_PW_TYPE_UNUSED)) -- info->upw_ignored = TRUE;*/ -- -- /* Check for ignored group password */ -- /*pw_type = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_PSK_INPUT_MODES); -- if (pw_type && !strcmp (pw_type, NM_OPENSWAN_PW_TYPE_UNUSED)) -- info->gpw_ignored = TRUE;*/ -- - nm_setting_vpn_foreach_data_item (s_vpn, write_one_property, info); -- //nm_setting_vpn_foreach_secret (s_vpn, write_one_property, info); - *error = info->error; -- //close(conf_fd); - close(openswan_fd); - sleep(3); -- //close(secret_fd); - g_free (info); - - return *error ? FALSE : TRUE; -@@ -807,8 +765,6 @@ real_disconnect (NMVPNPlugin *plugin, - } - g_ptr_array_free (openswan_argv, TRUE); - -- //unlink("/etc/ipsec.d/ipsec-nm-conn1.conf"); -- //unlink("/etc/ipsec.d/ipsec-nm-conn1.secrets"); - - return TRUE; - } --- -1.8.3.1 - diff --git a/0011-Fixed-the-current-code-as-it-does-not-set-the-defaul.patch b/0011-Fixed-the-current-code-as-it-does-not-set-the-defaul.patch deleted file mode 100644 index 03afc9f..0000000 --- a/0011-Fixed-the-current-code-as-it-does-not-set-the-defaul.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 9a5e803eac0f3bd30517a4e615271f0f1d97ca02 Mon Sep 17 00:00:00 2001 -From: Avesh Agarwal -Date: Tue, 10 Dec 2013 14:37:22 -0500 -Subject: [PATCH 11/20] Fixed the current code as it does not set the default - route field NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT when sending VPN - information to nm-openswan plugin. This fix sets the field to TRUE. - ---- - src/nm-openswan-service-helper.c | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - -diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c -index e148b26..59d79f9 100644 ---- a/src/nm-openswan-service-helper.c -+++ b/src/nm-openswan-service-helper.c -@@ -121,6 +121,17 @@ str_to_gvalue (const char *str, gboolean try_convert) - } - - static GValue * -+bool_to_gvalue (gboolean b) -+{ -+ GValue *val; -+ -+ val = g_slice_new0 (GValue); -+ g_value_init (val, G_TYPE_BOOLEAN); -+ g_value_set_boolean (val, b); -+ return val; -+} -+ -+static GValue * - uint_to_gvalue (guint32 num) - { - GValue *val; -@@ -252,6 +263,7 @@ main (int argc, char *argv[]) - /* Tunnel device */ - //val = str_to_gvalue (getenv ("TUNDEV"), FALSE); - //val = str_to_gvalue ("tun0", FALSE); -+ val = str_to_gvalue ("lo", FALSE); - if (val) - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val); - else -@@ -302,6 +314,10 @@ main (int argc, char *argv[]) - if (val) - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_BANNER, val); - -+ /* Routes */ -+ /* No default route*/ -+ g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT, -+ bool_to_gvalue (TRUE)); - - /* Send the config info to nm-openswan-service */ - send_ip4_config (connection, config); --- -1.8.3.1 - diff --git a/0012-Fixed-netmask-issue-when-sending-IP-information-to-t.patch b/0012-Fixed-netmask-issue-when-sending-IP-information-to-t.patch deleted file mode 100644 index 468fa96..0000000 --- a/0012-Fixed-netmask-issue-when-sending-IP-information-to-t.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 7917ed515f29f54847e3bf57b6b61e7097ed78e7 Mon Sep 17 00:00:00 2001 -From: Avesh Agarwal -Date: Tue, 10 Dec 2013 14:38:08 -0500 -Subject: [PATCH 12/20] Fixed netmask issue when sending IP information to the - nm openswan plugin service. - ---- - src/nm-openswan-service-helper.c | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c -index 59d79f9..d521645 100644 ---- a/src/nm-openswan-service-helper.c -+++ b/src/nm-openswan-service-helper.c -@@ -283,9 +283,8 @@ main (int argc, char *argv[]) - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PTP, val); - else - helper_failed (connection, "IP4 PTP Address"); --//#if 0 -+ - /* Netmask */ -- //tmp = getenv ("INTERNAL_IP4_NETMASK"); - tmp = nmask; - if (tmp && inet_pton (AF_INET, tmp, &temp_addr) > 0) { - GValue *value; -@@ -296,7 +295,6 @@ main (int argc, char *argv[]) - - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, value); - } --//#endif - - /* DNS */ - val = addr_list_to_gvalue (getenv ("PLUTO_PEER_DNS_INFO")); --- -1.8.3.1 - diff --git a/0013-Fixed-more-libreswan-related-changes.patch b/0013-Fixed-more-libreswan-related-changes.patch deleted file mode 100644 index a1ebd87..0000000 --- a/0013-Fixed-more-libreswan-related-changes.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 2581ac2914b666b427a90ea400e757ef41030bdd Mon Sep 17 00:00:00 2001 -From: Avesh Agarwal -Date: Tue, 10 Dec 2013 14:45:06 -0500 -Subject: [PATCH 13/20] Fixed more libreswan related changes. - ---- - src/nm-openswan-service-helper.c | 7 +++---- - src/nm-openswan-service.c | 8 ++++---- - 2 files changed, 7 insertions(+), 8 deletions(-) - -diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c -index d521645..cde7443 100644 ---- a/src/nm-openswan-service-helper.c -+++ b/src/nm-openswan-service-helper.c -@@ -204,8 +204,8 @@ addr_list_to_gvalue (const char *str) - * - * PLUTO_PEER -- vpn gateway address - * PLUTO_MY_SOURCEIP -- address -- * PLUTO_CISCO_DNS_INFO -- list of dns serverss -- * PLUTO_CISCO_DOMAIN_INFO -- default domain name -+ * PLUTO_PEER_DNS_INFO -- list of dns serverss -+ * PLUTO_PEER_DOMAIN_INFO -- default domain name - * PLUTO_PEER_BANNER -- banner from server - * - */ -@@ -247,8 +247,7 @@ main (int argc, char *argv[]) - if (val) - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_GATEWAY, val); - else -- helper_failed (connection, "Openswan Pluto Right Peer (VPN Gateway)"); -- -+ helper_failed (connection, "IPsec/Pluto Right Peer (VPN Gateway)"); - - /* - * Tunnel device -diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c -index 64792a6..d59c58f 100644 ---- a/src/nm-openswan-service.c -+++ b/src/nm-openswan-service.c -@@ -860,15 +860,15 @@ main (int argc, char *argv[]) - g_option_context_parse (opt_ctx, &argc, &argv, NULL); - g_option_context_free (opt_ctx); - -- if (getenv ("OPENSWAN_DEBUG")) -+ if (getenv ("IPSEC_DEBUG")) - debug = TRUE; - - if (debug) -- g_message ("nm-openswan-service (version " DIST_VERSION ") starting..."); -+ g_printf ("nm-openswan-service (version " DIST_VERSION ") starting...\n"); - - plugin = nm_openswan_plugin_new (); - if (!plugin) -- exit (1); -+ exit (EXIT_FAILURE); - - loop = g_main_loop_new (NULL, FALSE); - -@@ -881,5 +881,5 @@ main (int argc, char *argv[]) - g_main_loop_unref (loop); - g_object_unref (plugin); - -- exit (0); -+ exit (EXIT_SUCCESS); - } --- -1.8.3.1 - diff --git a/0014-Fixed-an-issue-where-nm-openswan-service-is-searchin.patch b/0014-Fixed-an-issue-where-nm-openswan-service-is-searchin.patch deleted file mode 100644 index 924e0fe..0000000 --- a/0014-Fixed-an-issue-where-nm-openswan-service-is-searchin.patch +++ /dev/null @@ -1,27 +0,0 @@ -From fdd136923c77b71080f2ccb2c0fe0a5234e73c1c Mon Sep 17 00:00:00 2001 -From: Avesh Agarwal -Date: Tue, 10 Dec 2013 14:47:14 -0500 -Subject: [PATCH 14/20] Fixed an issue where nm-openswan service is searching - for ipsec binary in both /sbin and /usr/sbin leading to same operation twice, - as /sbin is just symlink to /usr/sbin, so removed /sbin from the search - paths. - ---- - src/nm-openswan-service.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c -index d59c58f..7f1a9c9 100644 ---- a/src/nm-openswan-service.c -+++ b/src/nm-openswan-service.c -@@ -57,7 +57,6 @@ typedef struct { - static const char *openswan_binary_paths[] = - { - "/usr/sbin/ipsec", -- "/sbin/ipsec", - "/usr/local/sbin/ipsec", - NULL - }; --- -1.8.3.1 - diff --git a/0015-Rewrite-pluto-watch-API-which-watches-the-pluto-proc.patch b/0015-Rewrite-pluto-watch-API-which-watches-the-pluto-proc.patch deleted file mode 100644 index 9d3df67..0000000 --- a/0015-Rewrite-pluto-watch-API-which-watches-the-pluto-proc.patch +++ /dev/null @@ -1,131 +0,0 @@ -From 24e2b36b20f2b6d42f715618e13c2919ad0fc51c Mon Sep 17 00:00:00 2001 -From: Avesh Agarwal -Date: Tue, 10 Dec 2013 15:04:09 -0500 -Subject: [PATCH 15/20] Rewrite pluto watch API which watches the pluto process - for its status. Fixed memory leak issues as not all child processes were - reaped correctly. Also g_spwan_close_pid was not being called after children - were reaped. Also modified debugs and added more to help with debugging in - the future. - ---- - src/nm-openswan-service.c | 52 +++++++++++++++++++++++++++-------------------- - 1 file changed, 30 insertions(+), 22 deletions(-) - -diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c -index 7f1a9c9..b73ab1f 100644 ---- a/src/nm-openswan-service.c -+++ b/src/nm-openswan-service.c -@@ -207,30 +207,33 @@ nm_openswan_secrets_validate (NMSettingVPN *s_vpn, GError **error) - } - - static void --openswan_watch_cb_auto (GPid pid, gint status, gpointer user_data) -+pluto_watch_cb (GPid pid, gint status, gpointer user_data) - { - NMOPENSWANPlugin *plugin = NM_OPENSWAN_PLUGIN (user_data); - NMOPENSWANPluginPrivate *priv = NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin); - guint error = 0; - -+ if(debug) -+ g_printf("pluto_watch: current child pid = %d, pluto pid=%d\n", pid, priv->pid); -+ - if (WIFEXITED (status)) { - error = WEXITSTATUS (status); - if (error != 0) -- g_warning ("openswan: ipsec auto exited with error code %d", error); -+ g_printf ("pluto_watch: pluto exited with error code %d\n", error); - } - else if (WIFSTOPPED (status)) -- g_warning ("openswan: ipsec auto stopped unexpectedly with signal %d", WSTOPSIG (status)); -+ g_printf ("pluto_watch: pluto stopped unexpectedly with signal %d\n", WSTOPSIG (status)); - else if (WIFSIGNALED (status)) -- g_warning ("openswan: ipsec auto died with signal %d", WTERMSIG (status)); -+ g_printf ("pluto_watch: pluto died with signal %d\n", WTERMSIG (status)); - else -- g_warning ("openswan: ipsec auto died from an unknown cause"); -+ g_printf ("pluto_watch: pluto died from an unknown cause\n"); - - /* Reap child if needed. */ -- //waitpid (priv->pid_auto, NULL, WNOHANG); -- //priv->pid_auto = 0; -+ waitpid (pid, NULL, WNOHANG); -+ -+ if(debug) -+ g_printf ("pluto_watch: reaped child pid =%d\n", pid); - -- waitpid (priv->pid, NULL, WNOHANG); -- priv->pid = 0; - - /* Must be after data->state is set since signals use data->state */ - switch (error) { -@@ -246,18 +249,29 @@ openswan_watch_cb_auto (GPid pid, gint status, gpointer user_data) - break; - } - -- nm_vpn_plugin_set_state (NM_VPN_PLUGIN (plugin), NM_VPN_SERVICE_STATE_STOPPED); -+ if(pid == priv->pid || error) { -+ priv->pid = 0; -+ -+ if(debug) -+ g_printf ("pluto_watch: nm pluto service is stopping\n"); -+ -+ nm_vpn_plugin_set_state (NM_VPN_PLUGIN (plugin), NM_VPN_SERVICE_STATE_STOPPED); -+ } -+ -+ if(debug) -+ g_printf ("pluto_watch: nm pluto service will continue after reaping a child\n"); -+ -+ /*closing pid*/ -+ g_spawn_close_pid(pid); - } - - - static gint --//nm_openswan_start_openswan_binary (NMSettingVPN *s_vpn, NMOPENSWANPlugin *plugin, GError **error) - nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) - { - GPid pid, pid_auto; - const char **openswan_binary = NULL; - GPtrArray *openswan_argv; -- GSource *openswan_watch; - gint stdin_fd; - - /* Find openswan ipsec */ -@@ -293,11 +307,8 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) - - g_message ("openswan: ipsec started with pid %d", pid); - -- NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid = pid; -- openswan_watch = g_child_watch_source_new (pid); -- g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL); -- g_source_attach (openswan_watch, NULL); -- g_source_unref (openswan_watch); -+ NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid = pid; -+ g_child_watch_add(pid, (GChildWatchFunc) pluto_watch_cb, plugin); - - sleep(2); - -@@ -322,11 +333,7 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) - - g_message ("openswan: ipsec auto started with pid %d", pid_auto); - -- /*NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto; -- openswan_watch = g_child_watch_source_new (pid_auto); -- g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL); -- g_source_attach (openswan_watch, NULL); -- g_source_unref (openswan_watch);*/ -+ g_child_watch_add(pid_auto, (GChildWatchFunc) pluto_watch_cb, plugin); - - return stdin_fd; - } -@@ -376,6 +383,7 @@ nm_openswan_start_openswan_connection (NMOPENSWANPlugin *plugin, GError **error) - g_ptr_array_free (openswan_argv, TRUE); - - sleep(3); -+ g_child_watch_add(pid, (GChildWatchFunc) pluto_watch_cb, plugin); - - g_message ("openswan: ipsec auto connection started with pid %d", pid); - --- -1.8.3.1 - diff --git a/0016-Fixed-defaults-values-for-more-parameters-to-help-th.patch b/0016-Fixed-defaults-values-for-more-parameters-to-help-th.patch deleted file mode 100644 index f3bad15..0000000 --- a/0016-Fixed-defaults-values-for-more-parameters-to-help-th.patch +++ /dev/null @@ -1,28 +0,0 @@ -From dde144e924005c3048061b4d758019a1358ac505 Mon Sep 17 00:00:00 2001 -From: Avesh Agarwal -Date: Tue, 10 Dec 2013 15:05:25 -0500 -Subject: [PATCH 16/20] Fixed defaults values for more parameters to help the - VPN connection stay more reliable. - ---- - src/nm-openswan-service.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c -index b73ab1f..b807bcc 100644 ---- a/src/nm-openswan-service.c -+++ b/src/nm-openswan-service.c -@@ -573,6 +573,10 @@ nm_openswan_config_write (gint openswan_fd, NMSettingVPN *s_vpn, - } - - write_config_option (fdtmp1, " nm_configured=yes\n"); -+ write_config_option (fdtmp1, " rekey=yes\n"); -+ write_config_option (fdtmp1, " salifetime=24h\n"); -+ write_config_option (fdtmp1, " ikelifetime=24h\n"); -+ write_config_option (fdtmp1, " keyingtries=1\n"); - write_config_option (fdtmp1, " auto=add"); - } - --- -1.8.3.1 - diff --git a/0017-Fixed-initiation-of-pluto-daemon-by-this-plugin-to-r.patch b/0017-Fixed-initiation-of-pluto-daemon-by-this-plugin-to-r.patch deleted file mode 100644 index 2428ce9..0000000 --- a/0017-Fixed-initiation-of-pluto-daemon-by-this-plugin-to-r.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 9dadb938c40e4d56fea6c6d55f3c9b90e776fb62 Mon Sep 17 00:00:00 2001 -From: Avesh Agarwal -Date: Tue, 10 Dec 2013 15:21:54 -0500 -Subject: [PATCH 17/20] Fixed initiation of pluto daemon by this plugin to - reflect the changes in libreaswan. - ---- - src/nm-openswan-service.c | 15 ++++++++++----- - 1 file changed, 10 insertions(+), 5 deletions(-) - -diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c -index b807bcc..f205c1d 100644 ---- a/src/nm-openswan-service.c -+++ b/src/nm-openswan-service.c -@@ -49,7 +49,6 @@ G_DEFINE_TYPE (NMOPENSWANPlugin, nm_openswan_plugin, NM_TYPE_VPN_PLUGIN) - - typedef struct { - GPid pid; -- GPid pid_auto; - } NMOPENSWANPluginPrivate; - - #define NM_OPENSWAN_PLUGIN_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), NM_TYPE_OPENSWAN_PLUGIN, NMOPENSWANPluginPrivate)) -@@ -291,14 +290,20 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) - return -1; - } - -- openswan_argv = g_ptr_array_new (); -- g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary)); -- g_ptr_array_add (openswan_argv, (gpointer) "setup"); -+ /*openswan_argv = g_ptr_array_new (); - g_ptr_array_add (openswan_argv, (gpointer) "start"); - g_ptr_array_add (openswan_argv, NULL); - -+ g_ptr_array_free (openswan_argv, TRUE);*/ -+ openswan_argv = g_ptr_array_new (); -+ g_ptr_array_add (openswan_argv, (gpointer) "/usr/libexec/ipsec/pluto"); -+ g_ptr_array_add (openswan_argv, (gpointer) "--config"); -+ g_ptr_array_add (openswan_argv, (gpointer) "/etc/ipsec.conf"); -+ g_ptr_array_add (openswan_argv, (gpointer) "--nofork"); -+ g_ptr_array_add (openswan_argv, NULL); -+ - if (!g_spawn_async (NULL, (char **) openswan_argv->pdata, NULL, -- 0, NULL, NULL, &pid, error)) { -+ G_SPAWN_DO_NOT_REAP_CHILD, NULL, NULL, &pid, error)) { - g_ptr_array_free (openswan_argv, TRUE); - g_warning ("openswan ipsec failed to start. error: '%s'", (*error)->message); - return -1; --- -1.8.3.1 - diff --git a/0018-Fixed-various-debug-messages.patch b/0018-Fixed-various-debug-messages.patch deleted file mode 100644 index cedde11..0000000 --- a/0018-Fixed-various-debug-messages.patch +++ /dev/null @@ -1,103 +0,0 @@ -From 9ef10efa0905b22395987d99b26b8d5cbebd03ba Mon Sep 17 00:00:00 2001 -From: Avesh Agarwal -Date: Tue, 10 Dec 2013 15:23:59 -0500 -Subject: [PATCH 18/20] Fixed various debug messages. - ---- - src/nm-openswan-service.c | 25 +++++++++++++------------ - 1 file changed, 13 insertions(+), 12 deletions(-) - -diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c -index f205c1d..fffd020 100644 ---- a/src/nm-openswan-service.c -+++ b/src/nm-openswan-service.c -@@ -305,12 +305,12 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) - if (!g_spawn_async (NULL, (char **) openswan_argv->pdata, NULL, - G_SPAWN_DO_NOT_REAP_CHILD, NULL, NULL, &pid, error)) { - g_ptr_array_free (openswan_argv, TRUE); -- g_warning ("openswan ipsec failed to start. error: '%s'", (*error)->message); -+ g_printf ("pluto failed to start. error: '%s'\n", (*error)->message); - return -1; - } - g_ptr_array_free (openswan_argv, TRUE); - -- g_message ("openswan: ipsec started with pid %d", pid); -+ g_printf ("ipsec/pluto started with pid %d\n", pid); - - NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid = pid; - g_child_watch_add(pid, (GChildWatchFunc) pluto_watch_cb, plugin); -@@ -331,20 +331,19 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) - NULL, NULL, error)) { - - g_ptr_array_free (openswan_argv, TRUE); -- g_warning ("openswan: ipsec auto failed to start. error: '%s'", (*error)->message); -+ g_printf ("ipsec auto add failed with error: '%s'\n", (*error)->message); - return -1; - } - g_ptr_array_free (openswan_argv, TRUE); - -- g_message ("openswan: ipsec auto started with pid %d", pid_auto); -+ if(debug) -+ g_printf ("pluto auto started with pid %d\n", pid_auto); - - g_child_watch_add(pid_auto, (GChildWatchFunc) pluto_watch_cb, plugin); - - return stdin_fd; - } - -- -- - static gint - nm_openswan_start_openswan_connection (NMOPENSWANPlugin *plugin, GError **error) - { -@@ -382,15 +381,17 @@ nm_openswan_start_openswan_connection (NMOPENSWANPlugin *plugin, GError **error) - NULL, NULL, error)) { - - g_ptr_array_free (openswan_argv, TRUE); -- g_warning ("openswan: ipsec auto connection failed to start. error: '%s'", (*error)->message); -+ g_printf ("ipsec/pluto auto connection failed to start. error: '%s'\n", (*error)->message); - return -1; - } - g_ptr_array_free (openswan_argv, TRUE); - -- sleep(3); -+ if(debug) -+ g_printf ("pluto up started with pid %d\n", pid); -+ - g_child_watch_add(pid, (GChildWatchFunc) pluto_watch_cb, plugin); - -- g_message ("openswan: ipsec auto connection started with pid %d", pid); -+ //sleep(3); - - return stdin_fd; - } -@@ -408,7 +409,7 @@ write_config_option (int fd, const char *format, ...) - g_print ("Config: %s", string); - - if ( write (fd, string, strlen (string)) == -1) { -- g_warning ("nm-openswan: error in write_config_option"); -+ g_printf ("nm-openswan: error in write_config_option\n"); - } - - g_free (string); -@@ -521,7 +522,7 @@ write_one_property (const char *key, const char *value, gpointer user_data) - /* ignored */ - } else { - /* Just ignore unknown properties */ -- g_warning ("Don't know how to write property '%s' with type %s", -+ g_printf ("Don't know how to write property '%s' with type %s\n", - (char *) key, g_type_name (type)); - } - } -@@ -676,7 +677,7 @@ real_connect (NMVPNPlugin *plugin, - if (openswan_fd < 0) - goto out; - -- write_config_option (openswan_fd, "%s", nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); -+ write_config_option (openswan_fd, "%s", nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); - close(openswan_fd); - openswan_fd=-1; - --- -1.8.3.1 - diff --git a/0019-Fixed-the-termination-operation-of-pluto-daemon-to-c.patch b/0019-Fixed-the-termination-operation-of-pluto-daemon-to-c.patch deleted file mode 100644 index 127977a..0000000 --- a/0019-Fixed-the-termination-operation-of-pluto-daemon-to-c.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 27c17d7d805ad87632872cf2ded5237fc59159dd Mon Sep 17 00:00:00 2001 -From: Avesh Agarwal -Date: Tue, 10 Dec 2013 15:25:35 -0500 -Subject: [PATCH 19/20] Fixed the termination operation of pluto daemon to - comply with libreswan changes. - ---- - src/nm-openswan-service.c | 11 ++++++----- - 1 file changed, 6 insertions(+), 5 deletions(-) - -diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c -index fffd020..af541bd 100644 ---- a/src/nm-openswan-service.c -+++ b/src/nm-openswan-service.c -@@ -769,20 +769,21 @@ real_disconnect (NMVPNPlugin *plugin, - } - - openswan_argv = g_ptr_array_new (); -- g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary)); -- g_ptr_array_add (openswan_argv, (gpointer) "setup"); -- g_ptr_array_add (openswan_argv, (gpointer) "stop"); -+ g_ptr_array_add (openswan_argv, (gpointer) "/usr/libexec/ipsec/whack"); -+ g_ptr_array_add (openswan_argv, (gpointer) "--shutdown"); -+ //g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary)); -+ //g_ptr_array_add (openswan_argv, (gpointer) "setup"); -+ //g_ptr_array_add (openswan_argv, (gpointer) "stop"); - g_ptr_array_add (openswan_argv, NULL); - - if (!g_spawn_async (NULL, (char **) openswan_argv->pdata, NULL, - 0, NULL, NULL, NULL, error)) { - g_ptr_array_free (openswan_argv, TRUE); -- g_warning ("Openswan (pluto) failed to stop. error: '%s'", (*error)->message); -+ g_printf ("ipsec (pluto) failed to stop. error: '%s'\n", (*error)->message); - return -1; - } - g_ptr_array_free (openswan_argv, TRUE); - -- - return TRUE; - } - --- -1.8.3.1 - diff --git a/0020-Fixed-an-issue-where-proper-network-stack-is-not-loa.patch b/0020-Fixed-an-issue-where-proper-network-stack-is-not-loa.patch deleted file mode 100644 index 364b6f0..0000000 --- a/0020-Fixed-an-issue-where-proper-network-stack-is-not-loa.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 7559f06152549e0c457d08c67f2d3088b37c6ccf Mon Sep 17 00:00:00 2001 -From: Avesh Agarwal -Date: Tue, 10 Dec 2013 16:56:18 -0500 -Subject: [PATCH 20/20] Fixed an issue where proper network stack is not loaded - unless _stackmanager is run before starting pluto daemon service. - ---- - src/nm-openswan-service.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c -index af541bd..f6afee5 100644 ---- a/src/nm-openswan-service.c -+++ b/src/nm-openswan-service.c -@@ -290,11 +290,19 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) - return -1; - } - -- /*openswan_argv = g_ptr_array_new (); -+ openswan_argv = g_ptr_array_new (); -+ g_ptr_array_add (openswan_argv, (gpointer) "/usr/libexec/ipsec/_stackmanager"); - g_ptr_array_add (openswan_argv, (gpointer) "start"); - g_ptr_array_add (openswan_argv, NULL); - -- g_ptr_array_free (openswan_argv, TRUE);*/ -+ if (!g_spawn_sync (NULL, (char **) openswan_argv->pdata, NULL, -+ 0, NULL, NULL, NULL, NULL, NULL, error)) { -+ g_ptr_array_free (openswan_argv, TRUE); -+ g_printf ("pluto _stackmanager failed with error: '%s'\n", (*error)->message); -+ return -1; -+ } -+ g_ptr_array_free (openswan_argv, TRUE); -+ - openswan_argv = g_ptr_array_new (); - g_ptr_array_add (openswan_argv, (gpointer) "/usr/libexec/ipsec/pluto"); - g_ptr_array_add (openswan_argv, (gpointer) "--config"); --- -1.8.3.1 - diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index 14714e3..ba9bf39 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -1,49 +1,23 @@ -#%define nm_version 1:0.9.8 +#%define nm_version 1:0.9.9.95 -%define realversion 0.9.8.4 +%define realversion 1.0.0 -Summary: NetworkManager VPN plug-in for openswan +Summary: NetworkManager VPN plug-in for openswan and libreswan Name: NetworkManager-openswan -Version: 0.9.8.4 -Release: 4%{?dist} +Version: 1.0.0 +Release: 1%{?dist} License: GPLv2+ Group: System Environment/Base -URL: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.9/ -Source0: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.9/%{name}-%{realversion}.tar.xz +URL: https://download.gnome.org/sources/NetworkManager-openswan/1.0/ +Source0: https://download.gnome.org/sources/NetworkManager-openswan/1.0/%{name}-%{realversion}.tar.xz BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) -Patch1: 0001-NM-openswan-was-missing-support-for-nm-openswan-auth.patch -Patch2: 0002-Fixed-gtk-label-max-width-issue-by-setting-it-to-35.patch -Patch3: 0003-Fixed-Networkmanager-and-related-lib-dependencies.patch -Patch4: 0004-Fixed-gnomekeyring-lib-dependencies.patch -Patch5: 0005-Fixed-dead-code-based-on-coverity-scan.patch -Patch6: 0006-Fix-prcoessing-of-nm-openswan-dialog.ui-file-and-add.patch -Patch7: 0007-openswan-libreswan-does-not-provide-tun0-interface-s.patch -Patch8: 0008-libreswan-related-fixes-as-some-macros-have-been-mod.patch -Patch9: 0009-Fixed-an-issue-where-writing-configuration-on-stdin-.patch -Patch10: 0010-Fixed-more-coverity-scan-issues.patch -Patch11: 0011-Fixed-the-current-code-as-it-does-not-set-the-defaul.patch -Patch12: 0012-Fixed-netmask-issue-when-sending-IP-information-to-t.patch -Patch13: 0013-Fixed-more-libreswan-related-changes.patch -Patch14: 0014-Fixed-an-issue-where-nm-openswan-service-is-searchin.patch -Patch15: 0015-Rewrite-pluto-watch-API-which-watches-the-pluto-proc.patch -Patch16: 0016-Fixed-defaults-values-for-more-parameters-to-help-th.patch -Patch17: 0017-Fixed-initiation-of-pluto-daemon-by-this-plugin-to-r.patch -Patch18: 0018-Fixed-various-debug-messages.patch -Patch19: 0019-Fixed-the-termination-operation-of-pluto-daemon-to-c.patch -Patch20: 0020-Fixed-an-issue-where-proper-network-stack-is-not-loa.patch -Patch21: nm-openswan-1035786-1040924.patch BuildRequires: gtk3-devel BuildRequires: dbus-devel -BuildRequires: NetworkManager-devel -BuildRequires: NetworkManager-glib-devel BuildRequires: NetworkManager-devel >= %{nm_version} BuildRequires: NetworkManager-glib-devel >= %{nm_version} -%if 0%{?fedora} > 16 || 0%{?rhel} >= 7 -BuildRequires: libgnome-keyring-devel -%else -BuildRequires: gnome-keyring-devel -%endif +BuildRequires: libnm-gtk-devel >= %{nm_version} +BuildRequires: libsecret-devel BuildRequires: intltool gettext Requires: NetworkManager >= %{nm_version} @@ -52,18 +26,17 @@ Requires: gtk3 Requires: dbus Requires: libreswan Requires: shared-mime-info -#Requires: nm-connection-editor %global _privatelibs libnm-openswan-properties[.]so.* %global __provides_exclude ^(%{_privatelibs})$ %global __requires_exclude ^(%{_privatelibs})$ %description -This package contains software for integrating the openswan VPN software +This package contains software for integrating the openswan/libreswan VPN software with NetworkManager and the GNOME desktop %package -n NetworkManager-openswan-gnome -Summary: NetworkManager VPN plugin for openswan - GNOME files +Summary: NetworkManager VPN plugin for openswan/libreswan - GNOME files Group: System Environment/Base Requires: NetworkManager-openswan = %{version}-%{release} @@ -75,27 +48,6 @@ the openswan/libreswan server with NetworkManager (GNOME files). %prep %setup -q -n NetworkManager-openswan-%{realversion} -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -%patch16 -p1 -%patch17 -p1 -%patch18 -p1 -%patch19 -p1 -%patch20 -p1 -%patch21 -p1 %build autoreconf @@ -106,7 +58,7 @@ make %{?_smp_mflags} make install DESTDIR=$RPM_BUILD_ROOT rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.la rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.a -mv %{buildroot}%{_libexecdir}/nm-openswan-service-helper %{buildroot}%{_libexecdir}/nm-libreswan-service-helper +ln -sf %{_libexecdir}/nm-openswan-service-helper %{buildroot}%{_libexecdir}/nm-libreswan-service-helper %find_lang %{name} @@ -127,10 +79,9 @@ rm -rf $RPM_BUILD_ROOT %{_sysconfdir}/dbus-1/system.d/nm-openswan-service.conf %{_sysconfdir}/NetworkManager/VPN/nm-openswan-service.name %{_libexecdir}/nm-openswan-service +%{_libexecdir}/nm-openswan-service-helper %{_libexecdir}/nm-libreswan-service-helper %{_datadir}/applications/nm-openswan-auth-dialog.desktop -#%dir %{_datadir}/gnome-vpn-properties/openswan -#%{_datadir}/gnome-vpn-properties/openswan/nm-openswan-dialog.ui %files -n NetworkManager-openswan-gnome %doc AUTHORS ChangeLog COPYING @@ -140,6 +91,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Mon Dec 22 2014 Dan Williams - 1.0.0-1 +- Update to 1.0 + * Fri Aug 15 2014 Fedora Release Engineering - 0.9.8.4-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild diff --git a/nm-openswan-1035786-1040924.patch b/nm-openswan-1035786-1040924.patch deleted file mode 100644 index 6e45e51..0000000 --- a/nm-openswan-1035786-1040924.patch +++ /dev/null @@ -1,30 +0,0 @@ -commit 044bd7593961389f24b1fdab7849f86da9f96246 -Author: Avesh Agarwal -Date: Thu Dec 12 14:55:26 2013 -0500 - - Fixes for rhbz#1035786 (and its duplicate: rhbz#1040924). - The patch is from here: - https://bug720319.bugzilla-attachments.gnome.org/attachment.cgi?id=264063 - Just did minor modifcation. - -diff --git a/properties/nm-openswan.c b/properties/nm-openswan.c -index e164e85..7bb1413 100644 ---- a/properties/nm-openswan.c -+++ b/properties/nm-openswan.c -@@ -580,6 +580,7 @@ nm_vpn_plugin_ui_widget_interface_new (NMConnection *connection, GError **error) - char *ui_file; - NMSettingVPN *s_vpn; - gboolean is_new = TRUE; -+ const char *object_ids[] = { "openswan-vbox", "model1", "model2", NULL }; - - if (error) - g_return_val_if_fail (*error == NULL, NULL); -@@ -598,7 +599,7 @@ nm_vpn_plugin_ui_widget_interface_new (NMConnection *connection, GError **error) - - gtk_builder_set_translation_domain (priv->builder, GETTEXT_PACKAGE); - -- if (!gtk_builder_add_from_file (priv->builder, ui_file, error)) { -+ if (!gtk_builder_add_objects_from_file (priv->builder, ui_file, object_ids, error)) { - g_warning ("Couldn't load builder file: %s", - error && *error ? (*error)->message : "(unknown)"); - g_clear_error (error); diff --git a/sources b/sources index 5ae9be8..269d7bb 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -4aafa86d4203bb2b51c93165db165086 NetworkManager-openswan-0.9.8.4.sha256sum -6cb2b64bc79c4174856613d077667b66 NetworkManager-openswan-0.9.8.4.tar.xz +2294c870a370e61ba1fa58149d89aa4c NetworkManager-openswan-1.0.0.tar.xz From 28a96ac685a0f26fabf3cab5ba91fb799fb51706 Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Tue, 5 May 2015 14:42:19 +0200 Subject: [PATCH 30/37] Update to 1.0.2 release --- .gitignore | 1 + NetworkManager-openswan.spec | 16 +++++++++------- sources | 2 +- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/.gitignore b/.gitignore index 65e5de7..b0021bb 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ NetworkManager-openswan-0.8.tar.gz /NetworkManager-openswan-0.9.8.4.sha256sum /NetworkManager-openswan-0.9.8.4.tar.xz /NetworkManager-openswan-1.0.0.tar.xz +/NetworkManager-openswan-1.0.2.tar.xz diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index ba9bf39..f0b9f23 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -1,10 +1,10 @@ -#%define nm_version 1:0.9.9.95 +%define nm_version 0.9.9.95 -%define realversion 1.0.0 +%define realversion 1.0.2 Summary: NetworkManager VPN plug-in for openswan and libreswan Name: NetworkManager-openswan -Version: 1.0.0 +Version: %{realversion} Release: 1%{?dist} License: GPLv2+ Group: System Environment/Base @@ -14,13 +14,13 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildRequires: gtk3-devel BuildRequires: dbus-devel -BuildRequires: NetworkManager-devel >= %{nm_version} -BuildRequires: NetworkManager-glib-devel >= %{nm_version} +BuildRequires: NetworkManager-devel >= 1:%{nm_version} +BuildRequires: NetworkManager-glib-devel >= 1:%{nm_version} BuildRequires: libnm-gtk-devel >= %{nm_version} BuildRequires: libsecret-devel BuildRequires: intltool gettext -Requires: NetworkManager >= %{nm_version} +Requires: NetworkManager >= 1:%{nm_version} Requires: gnome-keyring Requires: gtk3 Requires: dbus @@ -50,7 +50,6 @@ the openswan/libreswan server with NetworkManager (GNOME files). %setup -q -n NetworkManager-openswan-%{realversion} %build -autoreconf %configure --disable-static --enable-more-warnings=yes make %{?_smp_mflags} @@ -91,6 +90,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Tue May 5 2015 Lubomir Rintel - 1.0.2-1 +- Update to 1.0.2 release + * Mon Dec 22 2014 Dan Williams - 1.0.0-1 - Update to 1.0 diff --git a/sources b/sources index 269d7bb..cb6ec27 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -2294c870a370e61ba1fa58149d89aa4c NetworkManager-openswan-1.0.0.tar.xz +8290240d7f7e5591fba477b3b163e1bf NetworkManager-openswan-1.0.2.tar.xz From 5e337dad4834727b135f47b1a3cc75694f950ae1 Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Tue, 5 May 2015 15:00:00 +0200 Subject: [PATCH 31/37] Add a missing BR --- NetworkManager-openswan.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index f0b9f23..901250d 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -14,6 +14,7 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildRequires: gtk3-devel BuildRequires: dbus-devel +BuildRequires: libnl3-devel BuildRequires: NetworkManager-devel >= 1:%{nm_version} BuildRequires: NetworkManager-glib-devel >= 1:%{nm_version} BuildRequires: libnm-gtk-devel >= %{nm_version} From 7d45ae67fd554bc3d37b3efa05c62bdc25f47369 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Tue, 16 Jun 2015 22:59:12 +0000 Subject: [PATCH 32/37] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild --- NetworkManager-openswan.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index 901250d..bf53222 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -5,7 +5,7 @@ Summary: NetworkManager VPN plug-in for openswan and libreswan Name: NetworkManager-openswan Version: %{realversion} -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: System Environment/Base URL: https://download.gnome.org/sources/NetworkManager-openswan/1.0/ @@ -91,6 +91,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Tue Jun 16 2015 Fedora Release Engineering - 1.0.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + * Tue May 5 2015 Lubomir Rintel - 1.0.2-1 - Update to 1.0.2 release From 93444e75f49797831d696e7bb8b413102ef990f9 Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Thu, 27 Aug 2015 20:07:53 +0200 Subject: [PATCH 33/37] Update to 1.0.6 release --- .gitignore | 1 + NetworkManager-openswan.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index b0021bb..155cbc8 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ NetworkManager-openswan-0.8.tar.gz /NetworkManager-openswan-0.9.8.4.tar.xz /NetworkManager-openswan-1.0.0.tar.xz /NetworkManager-openswan-1.0.2.tar.xz +/NetworkManager-openswan-1.0.6.tar.xz diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index bf53222..afe894a 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -1,11 +1,11 @@ %define nm_version 0.9.9.95 -%define realversion 1.0.2 +%define realversion 1.0.6 Summary: NetworkManager VPN plug-in for openswan and libreswan Name: NetworkManager-openswan Version: %{realversion} -Release: 2%{?dist} +Release: 1%{?dist} License: GPLv2+ Group: System Environment/Base URL: https://download.gnome.org/sources/NetworkManager-openswan/1.0/ @@ -91,6 +91,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Thu Aug 27 2015 Lubomir Rintel - 1.0.6-1 +- Update to 1.0.6 release + * Tue Jun 16 2015 Fedora Release Engineering - 1.0.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild diff --git a/sources b/sources index cb6ec27..dd5296f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -8290240d7f7e5591fba477b3b163e1bf NetworkManager-openswan-1.0.2.tar.xz +df9144805f37dc30dfaeab8da762f615 NetworkManager-openswan-1.0.6.tar.xz From 152491ca3548bd891462e3dd26b113e86ee7f11a Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Fri, 28 Aug 2015 12:48:03 +0200 Subject: [PATCH 34/37] Don't unconditionally set cisco-unity=yes --- 0001-service-add-vendor-property.patch | 52 ++++++++++++++++++++++++++ NetworkManager-openswan.spec | 9 ++++- 2 files changed, 59 insertions(+), 2 deletions(-) create mode 100644 0001-service-add-vendor-property.patch diff --git a/0001-service-add-vendor-property.patch b/0001-service-add-vendor-property.patch new file mode 100644 index 0000000..989d2f6 --- /dev/null +++ b/0001-service-add-vendor-property.patch @@ -0,0 +1,52 @@ +From afce38364f56abeda204b26eefec2e412d1ca5ef Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Thu, 27 Aug 2015 16:38:16 +0200 +Subject: [PATCH] service: add vendor property + +This was added and pushed by accident; shouldn't be unconditional. However we +still need it for testing against Racoon, make it configurable in a fashion +similar to the VPNC plugin. + +Fixes: b59e8b37a15ec8754a17495da2c670af8536e102 +(cherry picked from commit 8c0ffb6b2e7a73f098574c227385c7f8dbbb4035) +--- + src/nm-openswan-service.c | 3 ++- + src/nm-openswan-service.h | 1 + + 2 files changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c +index 40e56f3..7e293d0 100644 +--- a/src/nm-openswan-service.c ++++ b/src/nm-openswan-service.c +@@ -137,6 +137,7 @@ static ValidProperty valid_properties[] = { + { NM_OPENSWAN_DPDTIMEOUT, G_TYPE_INT, 0, 86400 }, + { NM_OPENSWAN_IKE, G_TYPE_STRING, 0, 0 }, + { NM_OPENSWAN_ESP, G_TYPE_STRING, 0, 0 }, ++ { NM_OPENSWAN_VENDOR, G_TYPE_STRING, 0, 0 }, + /* Ignored option for internal use */ + { NM_OPENSWAN_PSK_INPUT_MODES, G_TYPE_NONE, 0, 0 }, + { NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES, G_TYPE_NONE, 0, 0 }, +@@ -655,7 +656,7 @@ nm_openswan_config_write (gint fd, + write_config_option (fd, " salifetime=24h\n"); + write_config_option (fd, " ikelifetime=24h\n"); + write_config_option (fd, " keyingtries=1\n"); +- if (libreswan) ++ if (libreswan && g_strcmp0 (nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_VENDOR), "Cisco") == 0) + write_config_option (fd, " cisco-unity=yes\n"); + write_config_option (fd, " auto=add"); + +diff --git a/src/nm-openswan-service.h b/src/nm-openswan-service.h +index fed9b7c..156ce68 100644 +--- a/src/nm-openswan-service.h ++++ b/src/nm-openswan-service.h +@@ -41,6 +41,7 @@ + #define NM_OPENSWAN_DPDTIMEOUT "dpdtimeout" + #define NM_OPENSWAN_IKE "ike" + #define NM_OPENSWAN_ESP "esp" ++#define NM_OPENSWAN_VENDOR "vendor" + + #define NM_OPENSWAN_PW_TYPE_SAVE "save" + #define NM_OPENSWAN_PW_TYPE_ASK "ask" +-- +2.4.3 + diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index afe894a..28fd172 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -5,12 +5,13 @@ Summary: NetworkManager VPN plug-in for openswan and libreswan Name: NetworkManager-openswan Version: %{realversion} -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: System Environment/Base URL: https://download.gnome.org/sources/NetworkManager-openswan/1.0/ Source0: https://download.gnome.org/sources/NetworkManager-openswan/1.0/%{name}-%{realversion}.tar.xz -BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) + +Patch0: 0001-service-add-vendor-property.patch BuildRequires: gtk3-devel BuildRequires: dbus-devel @@ -49,6 +50,7 @@ the openswan/libreswan server with NetworkManager (GNOME files). %prep %setup -q -n NetworkManager-openswan-%{realversion} +%patch0 -p1 %build %configure --disable-static --enable-more-warnings=yes @@ -91,6 +93,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Fri Aug 28 2015 Lubomir Rintel - 1.0.6-2 +- Don't unconditionally set cisco-unity=yes + * Thu Aug 27 2015 Lubomir Rintel - 1.0.6-1 - Update to 1.0.6 release From cae3a3fc4eca4f9eeeeba30dfd369f83352f7aa4 Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Mon, 31 Aug 2015 17:03:39 +0200 Subject: [PATCH 35/37] Update to 1.2 git snapshot with libnm-based properties plugin --- .gitignore | 1 + 0001-service-add-vendor-property.patch | 52 -------------------------- NetworkManager-openswan.spec | 47 ++++++++++++----------- sources | 2 +- 4 files changed, 25 insertions(+), 77 deletions(-) delete mode 100644 0001-service-add-vendor-property.patch diff --git a/.gitignore b/.gitignore index 155cbc8..ce4a879 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ NetworkManager-openswan-0.8.tar.gz /NetworkManager-openswan-1.0.0.tar.xz /NetworkManager-openswan-1.0.2.tar.xz /NetworkManager-openswan-1.0.6.tar.xz +/NetworkManager-openswan-1.2.0.tar.xz diff --git a/0001-service-add-vendor-property.patch b/0001-service-add-vendor-property.patch deleted file mode 100644 index 989d2f6..0000000 --- a/0001-service-add-vendor-property.patch +++ /dev/null @@ -1,52 +0,0 @@ -From afce38364f56abeda204b26eefec2e412d1ca5ef Mon Sep 17 00:00:00 2001 -From: Lubomir Rintel -Date: Thu, 27 Aug 2015 16:38:16 +0200 -Subject: [PATCH] service: add vendor property - -This was added and pushed by accident; shouldn't be unconditional. However we -still need it for testing against Racoon, make it configurable in a fashion -similar to the VPNC plugin. - -Fixes: b59e8b37a15ec8754a17495da2c670af8536e102 -(cherry picked from commit 8c0ffb6b2e7a73f098574c227385c7f8dbbb4035) ---- - src/nm-openswan-service.c | 3 ++- - src/nm-openswan-service.h | 1 + - 2 files changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c -index 40e56f3..7e293d0 100644 ---- a/src/nm-openswan-service.c -+++ b/src/nm-openswan-service.c -@@ -137,6 +137,7 @@ static ValidProperty valid_properties[] = { - { NM_OPENSWAN_DPDTIMEOUT, G_TYPE_INT, 0, 86400 }, - { NM_OPENSWAN_IKE, G_TYPE_STRING, 0, 0 }, - { NM_OPENSWAN_ESP, G_TYPE_STRING, 0, 0 }, -+ { NM_OPENSWAN_VENDOR, G_TYPE_STRING, 0, 0 }, - /* Ignored option for internal use */ - { NM_OPENSWAN_PSK_INPUT_MODES, G_TYPE_NONE, 0, 0 }, - { NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES, G_TYPE_NONE, 0, 0 }, -@@ -655,7 +656,7 @@ nm_openswan_config_write (gint fd, - write_config_option (fd, " salifetime=24h\n"); - write_config_option (fd, " ikelifetime=24h\n"); - write_config_option (fd, " keyingtries=1\n"); -- if (libreswan) -+ if (libreswan && g_strcmp0 (nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_VENDOR), "Cisco") == 0) - write_config_option (fd, " cisco-unity=yes\n"); - write_config_option (fd, " auto=add"); - -diff --git a/src/nm-openswan-service.h b/src/nm-openswan-service.h -index fed9b7c..156ce68 100644 ---- a/src/nm-openswan-service.h -+++ b/src/nm-openswan-service.h -@@ -41,6 +41,7 @@ - #define NM_OPENSWAN_DPDTIMEOUT "dpdtimeout" - #define NM_OPENSWAN_IKE "ike" - #define NM_OPENSWAN_ESP "esp" -+#define NM_OPENSWAN_VENDOR "vendor" - - #define NM_OPENSWAN_PW_TYPE_SAVE "save" - #define NM_OPENSWAN_PW_TYPE_ASK "ask" --- -2.4.3 - diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index 28fd172..d475d19 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -1,24 +1,22 @@ -%define nm_version 0.9.9.95 - -%define realversion 1.0.6 +%global snapshot .20150903git6cb0148 +%global nm_version 1.1.0 Summary: NetworkManager VPN plug-in for openswan and libreswan Name: NetworkManager-openswan -Version: %{realversion} -Release: 2%{?dist} +Version: 1.2.0 +Release: 0.1%{?snapshot}%{?dist} License: GPLv2+ +URL: http://www.gnome.org/projects/NetworkManager/ Group: System Environment/Base -URL: https://download.gnome.org/sources/NetworkManager-openswan/1.0/ -Source0: https://download.gnome.org/sources/NetworkManager-openswan/1.0/%{name}-%{realversion}.tar.xz - -Patch0: 0001-service-add-vendor-property.patch +Source0: https://download.gnome.org/sources/NetworkManager-openswan/1.2/%{name}-%{version}.tar.xz BuildRequires: gtk3-devel -BuildRequires: dbus-devel BuildRequires: libnl3-devel -BuildRequires: NetworkManager-devel >= 1:%{nm_version} -BuildRequires: NetworkManager-glib-devel >= 1:%{nm_version} +BuildRequires: NetworkManager-devel >= 1:%{nm_version} +BuildRequires: NetworkManager-glib-devel >= 1:%{nm_version} +BuildRequires: NetworkManager-libnm-devel >= 1:%{nm_version} BuildRequires: libnm-gtk-devel >= %{nm_version} +BuildRequires: libnma-devel >= %{nm_version} BuildRequires: libsecret-devel BuildRequires: intltool gettext @@ -41,7 +39,7 @@ with NetworkManager and the GNOME desktop Summary: NetworkManager VPN plugin for openswan/libreswan - GNOME files Group: System Environment/Base -Requires: NetworkManager-openswan = %{version}-%{release} +Requires: %{name}%{?_isa} = %{version}-%{release} Requires: nm-connection-editor %description -n NetworkManager-openswan-gnome @@ -49,17 +47,18 @@ This package contains software for integrating VPN capabilities with the openswan/libreswan server with NetworkManager (GNOME files). %prep -%setup -q -n NetworkManager-openswan-%{realversion} -%patch0 -p1 +%setup -q %build -%configure --disable-static --enable-more-warnings=yes +%configure \ + --disable-static \ + --enable-more-warnings=yes \ + --with-dist-version=%{version}-%{release} make %{?_smp_mflags} %install make install DESTDIR=$RPM_BUILD_ROOT rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.la -rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.a ln -sf %{_libexecdir}/nm-openswan-service-helper %{buildroot}%{_libexecdir}/nm-libreswan-service-helper %find_lang %{name} @@ -70,29 +69,29 @@ update-desktop-database &> /dev/null || : %postun update-desktop-database &> /dev/null || : -%clean -rm -rf $RPM_BUILD_ROOT - %files -f %{name}.lang %defattr(-, root, root,-) -%doc AUTHORS ChangeLog COPYING -#%{_libdir}/NetworkManager/lib*.so* %{_libexecdir}/nm-openswan-auth-dialog %{_sysconfdir}/dbus-1/system.d/nm-openswan-service.conf -%{_sysconfdir}/NetworkManager/VPN/nm-openswan-service.name +%{_prefix}/lib/NetworkManager/VPN/nm-openswan-service.name %{_libexecdir}/nm-openswan-service %{_libexecdir}/nm-openswan-service-helper %{_libexecdir}/nm-libreswan-service-helper %{_datadir}/applications/nm-openswan-auth-dialog.desktop +%doc AUTHORS ChangeLog NEWS +%license COPYING %files -n NetworkManager-openswan-gnome -%doc AUTHORS ChangeLog COPYING %{_libdir}/NetworkManager/lib*.so* %dir %{_datadir}/gnome-vpn-properties/openswan %{_datadir}/gnome-vpn-properties/openswan/nm-openswan-dialog.ui +%{_sysconfdir}/NetworkManager/VPN/nm-openswan-service.name %changelog +* Tue Sep 1 2015 Lubomir Rintel - 1.2.0-0.1.20150901git92f1611 +- Update to 1.2 git snapshot with libnm-based properties plugin + * Fri Aug 28 2015 Lubomir Rintel - 1.0.6-2 - Don't unconditionally set cisco-unity=yes diff --git a/sources b/sources index dd5296f..ef4b686 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -df9144805f37dc30dfaeab8da762f615 NetworkManager-openswan-1.0.6.tar.xz +3906c9337b77cf3b24b1df88b2d08113 NetworkManager-openswan-1.2.0.tar.xz From 068702c3550d18adbc322594c6ecd389717ae36d Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Fri, 23 Oct 2015 17:02:45 +0200 Subject: [PATCH 36/37] Update to a newer git snapshot --- NetworkManager-openswan.spec | 23 +++++++++++++---------- sources | 2 +- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index d475d19..6d7c8b5 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -1,5 +1,6 @@ -%global snapshot .20150903git6cb0148 -%global nm_version 1.1.0 +%global snapshot .20151023git8a39c0f +%global nm_version 1:1.2.0-0.3 +%global nma_version 1.1.0 Summary: NetworkManager VPN plug-in for openswan and libreswan Name: NetworkManager-openswan @@ -12,15 +13,15 @@ Source0: https://download.gnome.org/sources/NetworkManager-openswan/1.2/%{name BuildRequires: gtk3-devel BuildRequires: libnl3-devel -BuildRequires: NetworkManager-devel >= 1:%{nm_version} -BuildRequires: NetworkManager-glib-devel >= 1:%{nm_version} -BuildRequires: NetworkManager-libnm-devel >= 1:%{nm_version} -BuildRequires: libnm-gtk-devel >= %{nm_version} -BuildRequires: libnma-devel >= %{nm_version} +BuildRequires: NetworkManager-devel >= %{nm_version} +BuildRequires: NetworkManager-glib-devel >= %{nm_version} +BuildRequires: NetworkManager-libnm-devel >= %{nm_version} +BuildRequires: libnm-gtk-devel >= %{nma_version} +BuildRequires: libnma-devel >= %{nma_version} BuildRequires: libsecret-devel BuildRequires: intltool gettext -Requires: NetworkManager >= 1:%{nm_version} +Requires: NetworkManager >= %{nm_version} Requires: gnome-keyring Requires: gtk3 Requires: dbus @@ -57,7 +58,7 @@ the openswan/libreswan server with NetworkManager (GNOME files). make %{?_smp_mflags} %install -make install DESTDIR=$RPM_BUILD_ROOT +make install DESTDIR=%{buildroot} rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.la ln -sf %{_libexecdir}/nm-openswan-service-helper %{buildroot}%{_libexecdir}/nm-libreswan-service-helper @@ -70,7 +71,6 @@ update-desktop-database &> /dev/null || : update-desktop-database &> /dev/null || : %files -f %{name}.lang -%defattr(-, root, root,-) %{_libexecdir}/nm-openswan-auth-dialog %{_sysconfdir}/dbus-1/system.d/nm-openswan-service.conf %{_prefix}/lib/NetworkManager/VPN/nm-openswan-service.name @@ -89,6 +89,9 @@ update-desktop-database &> /dev/null || : %changelog +* Fri Oct 23 2015 Lubomir Rintel - 1.2.0-0.1.20151023git8a39c0f +- Update to a newer git snapshot + * Tue Sep 1 2015 Lubomir Rintel - 1.2.0-0.1.20150901git92f1611 - Update to 1.2 git snapshot with libnm-based properties plugin diff --git a/sources b/sources index ef4b686..c90278d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -3906c9337b77cf3b24b1df88b2d08113 NetworkManager-openswan-1.2.0.tar.xz +da1d7b6c9a8e88918475d5b9411a2167 NetworkManager-openswan-1.2.0.tar.xz From 183639d09802423d9983e4fde2c1a3ead0bc25b3 Mon Sep 17 00:00:00 2001 From: Lubomir Rintel Date: Fri, 23 Oct 2015 17:02:45 +0200 Subject: [PATCH 37/37] Update to a newer git snapshot --- NetworkManager-openswan.spec | 4 ++-- sources | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index 6d7c8b5..bfafcf7 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -1,4 +1,4 @@ -%global snapshot .20151023git8a39c0f +%global snapshot .20151028git3caa645 %global nm_version 1:1.2.0-0.3 %global nma_version 1.1.0 @@ -89,7 +89,7 @@ update-desktop-database &> /dev/null || : %changelog -* Fri Oct 23 2015 Lubomir Rintel - 1.2.0-0.1.20151023git8a39c0f +* Fri Oct 28 2015 Lubomir Rintel - 1.2.0-0.1.20151028git3caa645 - Update to a newer git snapshot * Tue Sep 1 2015 Lubomir Rintel - 1.2.0-0.1.20150901git92f1611 diff --git a/sources b/sources index c90278d..85bbc7b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -da1d7b6c9a8e88918475d5b9411a2167 NetworkManager-openswan-1.2.0.tar.xz +09d16a34efc3af7f00cd6199a5b1d0c6 NetworkManager-openswan-1.2.0.tar.xz