rpms/NetworkManager-libreswan
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to 1.0

Browse Source
This commit is contained in:
Dan Williams 2014-12-22 14:57:35 -06:00
parent b56d3c8681
commit 60cd718faf
24 changed files with 18 additions and 1397 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -3,3 +3,4 @@ NetworkManager-openswan-0.8.tar.gz
/NetworkManager-openswan-0.9.8.0.tar.xz /NetworkManager-openswan-0.9.8.0.tar.xz
/NetworkManager-openswan-0.9.8.4.sha256sum /NetworkManager-openswan-0.9.8.4.sha256sum
/NetworkManager-openswan-0.9.8.4.tar.xz /NetworkManager-openswan-0.9.8.4.tar.xz
/NetworkManager-openswan-1.0.0.tar.xz

67
0001-NM-openswan-was-missing-support-for-nm-openswan-auth.patch
View File

@ -1,67 +0,0 @@
From ce807219123614d8496b29b591b8147dc190db54 Mon Sep 17 00:00:00 2001
From: Avesh Agarwal <avagarwa@redhat.com>
Date: Tue, 10 Dec 2013 13:38:23 -0500
Subject: [PATCH 01/20] NM-openswan was missing support for
nm-openswan-auth-dialog.desktop.in.in. So added a new
nm-openswan-auth-dialog.desktop.in.in, and modified related Makefile and
configure.ac files.
---
auth-dialog/Makefile.am | 15 ++++++++++++++-
auth-dialog/nm-openswan-auth-dialog.desktop.in.in | 7 +++++++
configure.ac | 1 +
3 files changed, 22 insertions(+), 1 deletion(-)
create mode 100644 auth-dialog/nm-openswan-auth-dialog.desktop.in.in
diff --git a/auth-dialog/Makefile.am b/auth-dialog/Makefile.am
index 4b5a01d..d1e8711 100644
--- a/auth-dialog/Makefile.am
+++ b/auth-dialog/Makefile.am
@@ -22,5 +22,18 @@ nm_openswan_auth_dialog_LDADD = \
$(GTK_LIBS) \
$(GNOMEKEYRING_LIBS)
-CLEANFILES = *~
+@INTLTOOL_DESKTOP_RULE@
+desktopdir = $(datadir)/applications
+desktop_in_in_files = nm-openswan-auth-dialog.desktop.in.in
+desktop_in_files = nm-openswan-auth-dialog.desktop.in
+desktop_DATA = $(desktop_in_files:.desktop.in=.desktop)
+EXTRA_DIST = \
+ $(desktop_in_in_files)
+
+CLEANFILES = \
+ *~ \
+ $(desktop_DATA)
+
+DISTCLEANFILES = \
+ $(desktop_in_files)
diff --git a/auth-dialog/nm-openswan-auth-dialog.desktop.in.in b/auth-dialog/nm-openswan-auth-dialog.desktop.in.in
new file mode 100644
index 0000000..9c91b6b
--- /dev/null
+++ b/auth-dialog/nm-openswan-auth-dialog.desktop.in.in
@@ -0,0 +1,7 @@
+[Desktop Entry]
+_Name=Network
+_Comment=Request VPN authentication
+Exec=@LIBEXECDIR@/nm-openswan-auth-dialog
+Terminal=false
+Type=Application
+NoDisplay=true
diff --git a/configure.ac b/configure.ac
index b214ef7..10af655 100644
--- a/configure.ac
+++ b/configure.ac
@@ -114,6 +114,7 @@ AC_CONFIG_FILES([
Makefile
src/Makefile
auth-dialog/Makefile
+auth-dialog/nm-openswan-auth-dialog.desktop.in
properties/Makefile
po/Makefile.in
])
--
1.8.3.1

33
0002-Fixed-gtk-label-max-width-issue-by-setting-it-to-35.patch
View File

@ -1,33 +0,0 @@
From fc10d570b9291e687e4b1dfbfcf8c5c8f5f38f02 Mon Sep 17 00:00:00 2001
From: Avesh Agarwal <avagarwa@redhat.com>
Date: Tue, 10 Dec 2013 13:39:57 -0500
Subject: [PATCH 02/20] Fixed gtk label max width issue by setting it to 35.
---
auth-dialog/vpn-password-dialog.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/auth-dialog/vpn-password-dialog.c b/auth-dialog/vpn-password-dialog.c
index 9fa2509..685e17e 100644
--- a/auth-dialog/vpn-password-dialog.c
+++ b/auth-dialog/vpn-password-dialog.c
@@ -29,6 +29,8 @@
#include <glib/gi18n.h>
#include <gtk/gtk.h>
+#include "src/nm-openswan-service.h"
+
G_DEFINE_TYPE (VpnPasswordDialog, vpn_password_dialog, GTK_TYPE_DIALOG)
#define VPN_PASSWORD_DIALOG_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), \
@@ -278,6 +280,7 @@ vpn_password_dialog_new (const char *title,
message_label = GTK_LABEL (gtk_label_new (message));
gtk_label_set_justify (message_label, GTK_JUSTIFY_LEFT);
gtk_label_set_line_wrap (message_label, TRUE);
+ gtk_label_set_max_width_chars (message_label, 35);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (message_label));
gtk_box_pack_start (GTK_BOX (main_vbox), GTK_WIDGET (message_label), FALSE, FALSE, 0);
gtk_size_group_add_widget (priv->group, priv->table_alignment);
--
1.8.3.1

31
0003-Fixed-Networkmanager-and-related-lib-dependencies.patch
View File

@ -1,31 +0,0 @@
From d39ea5f4a0d3048c5109550833ce8af743540a0e Mon Sep 17 00:00:00 2001
From: Avesh Agarwal <avagarwa@redhat.com>
Date: Tue, 10 Dec 2013 13:41:36 -0500
Subject: [PATCH 03/20] Fixed Networkmanager and related lib dependencies.
---
configure.ac | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index 10af655..27e2242 100644
--- a/configure.ac
+++ b/configure.ac
@@ -66,10 +66,10 @@ AC_SUBST(DBUS_CFLAGS)
AC_SUBST(DBUS_LIBS)
PKG_CHECK_MODULES(NM,
- NetworkManager >= 0.9.6
- libnm-util >= 0.9.6
- libnm-glib >= 0.9.6
- libnm-glib-vpn >= 0.9.6)
+ NetworkManager >= 0.9.8
+ libnm-util >= 0.9.8
+ libnm-glib >= 0.9.8
+ libnm-glib-vpn >= 0.9.8)
AC_SUBST(NM_CFLAGS)
AC_SUBST(NM_LIBS)
--
1.8.3.1

34
0004-Fixed-gnomekeyring-lib-dependencies.patch
View File

@ -1,34 +0,0 @@
From 41fd9ad25736659b3a465630bca7da294b1204e5 Mon Sep 17 00:00:00 2001
From: Avesh Agarwal <avagarwa@redhat.com>
Date: Tue, 10 Dec 2013 13:42:50 -0500
Subject: [PATCH 04/20] Fixed gnomekeyring lib dependencies.
---
properties/Makefile.am | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/properties/Makefile.am b/properties/Makefile.am
index f599e21..abbf208 100644
--- a/properties/Makefile.am
+++ b/properties/Makefile.am
@@ -12,6 +12,7 @@ ui_DATA = nm-openswan-dialog.ui
libnm_openswan_properties_la_CPPFLAGS = \
$(GTK_CFLAGS) \
+ $(GNOMEKEYRING_CFLAGS) \
$(NM_CFLAGS) \
-DICONDIR=\""$(datadir)/pixmaps"\" \
-DUIDIR=\""$(uidir)"\" \
@@ -22,7 +23,8 @@ libnm_openswan_properties_la_CPPFLAGS = \
libnm_openswan_properties_la_LIBADD = \
$(GTK_LIBS) \
- $(NM_LIBS)
+ $(NM_LIBS) \
+ $(GNOMEKEYRING_LIBS)
libnm_openswan_properties_la_LDFLAGS = \
-avoid-version
--
1.8.3.1

145
0005-Fixed-dead-code-based-on-coverity-scan.patch
View File

@ -1,145 +0,0 @@
From ff5dfb0a75d4312ddc923dff637ad180266ff923 Mon Sep 17 00:00:00 2001
From: Avesh Agarwal <avagarwa@redhat.com>
Date: Tue, 10 Dec 2013 13:44:24 -0500
Subject: [PATCH 05/20] Fixed dead code based on coverity scan.
---
properties/nm-openswan.c | 94 ++++++++++++++++--------------------------------
1 file changed, 31 insertions(+), 63 deletions(-)
diff --git a/properties/nm-openswan.c b/properties/nm-openswan.c
index 75acedd..c13de36 100644
--- a/properties/nm-openswan.c
+++ b/properties/nm-openswan.c
@@ -158,6 +158,36 @@ stuff_changed_cb (GtkWidget *widget, gpointer user_data)
}
static void
+setup_password_widget (OpenswanPluginUiWidget *self,
+ const char *entry_name,
+ NMSettingVPN *s_vpn,
+ const char *secret_name,
+ gboolean new_connection)
+{
+ OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self);
+ NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE;
+ GtkWidget *widget;
+ const char *value;
+
+ if (new_connection)
+ secret_flags = NM_SETTING_SECRET_FLAG_AGENT_OWNED;
+
+ widget = (GtkWidget *) gtk_builder_get_object (priv->builder, entry_name);
+ g_assert (widget);
+ gtk_size_group_add_widget (priv->group, widget);
+
+ if (s_vpn) {
+ value = nm_setting_vpn_get_secret (s_vpn, secret_name);
+ gtk_entry_set_text (GTK_ENTRY (widget), value ? value : "");
+ nm_setting_get_secret_flags (NM_SETTING (s_vpn), secret_name, &secret_flags, NULL);
+ }
+ secret_flags &= ~(NM_SETTING_SECRET_FLAG_NOT_SAVED | NM_SETTING_SECRET_FLAG_NOT_REQUIRED);
+ g_object_set_data (G_OBJECT (widget), "flags", GUINT_TO_POINTER (secret_flags));
+
+ g_signal_connect (widget, "changed", G_CALLBACK (stuff_changed_cb), self);
+}
+
+static void
show_toggled_cb (GtkCheckButton *button, OpenswanPluginUiWidget *self)
{
OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self);
@@ -301,35 +331,6 @@ init_one_pw_combo (OpenswanPluginUiWidget *self,
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (pw_type_combo_changed_cb), self);
}
-static void
-setup_password_widget (OpenswanPluginUiWidget *self,
- const char *entry_name,
- NMSettingVPN *s_vpn,
- const char *secret_name,
- gboolean new_connection)
-{
- OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self);
- NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE;
- GtkWidget *widget;
- const char *value;
-
- if (new_connection)
- secret_flags = NM_SETTING_SECRET_FLAG_AGENT_OWNED;
-
- widget = (GtkWidget *) gtk_builder_get_object (priv->builder, entry_name);
- g_assert (widget);
- gtk_size_group_add_widget (priv->group, widget);
-
- if (s_vpn) {
- value = nm_setting_vpn_get_secret (s_vpn, secret_name);
- gtk_entry_set_text (GTK_ENTRY (widget), value ? value : "");
- nm_setting_get_secret_flags (NM_SETTING (s_vpn), secret_name, &secret_flags, NULL);
- }
- secret_flags &= ~(NM_SETTING_SECRET_FLAG_NOT_SAVED | NM_SETTING_SECRET_FLAG_NOT_REQUIRED);
- g_object_set_data (G_OBJECT (widget), "flags", GUINT_TO_POINTER (secret_flags));
-
- g_signal_connect (widget, "changed", G_CALLBACK (stuff_changed_cb), self);
-}
static gboolean
init_plugin_ui (OpenswanPluginUiWidget *self,
@@ -338,7 +339,7 @@ init_plugin_ui (OpenswanPluginUiWidget *self,
GError **error)
{
OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self);
- NMSettingVPN *s_vpn;
+ NMSettingVPN *s_vpn = NULL;
GtkWidget *widget;
const char *value = NULL;
@@ -435,24 +436,6 @@ init_plugin_ui (OpenswanPluginUiWidget *self,
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
- /*widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "disable_dpd_checkbutton"));
- g_return_val_if_fail (widget != NULL, FALSE);
- if (s_vpn) {
- value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT);
- if (value) {
- long int tmp;
-
- errno = 0;
- tmp = strtol (value, NULL, 10);
- if (tmp >= 0 && tmp <= G_MAXUINT32 && errno == 0)
- priv->orig_dpd_timeout = (guint32) tmp;
-
- if (priv->orig_dpd_timeout == 0)
- gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
- }
- }
- g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self);*/
-
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "show_passwords_checkbutton"));
g_return_val_if_fail (widget != NULL, FALSE);
g_signal_connect (G_OBJECT (widget), "toggled",
@@ -563,21 +546,6 @@ update_connection (NMVpnPluginUiWidgetInterface *iface,
if (str && strlen (str))
nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DOMAIN, str);
- //widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "disable_dpd_checkbutton"));
- //if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) {
- // nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, "0");
- //} else {
- /* If DPD was disabled and now the user wishes to enable it, just
- * don't pass the DPD_IDLE_TIMEOUT option to openswan and thus use the
- * default DPD idle time. Otherwise keep the original DPD idle timeout.
- */
- // if (priv->orig_dpd_timeout >= 10) {
- // char *tmp = g_strdup_printf ("%d", priv->orig_dpd_timeout);
- // nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, tmp);
- // g_free (tmp);
- // }
- //}
-
save_one_password (s_vpn,
priv->builder,
"user_password_entry",
--
1.8.3.1

59
0006-Fix-prcoessing-of-nm-openswan-dialog.ui-file-and-add.patch
View File

@ -1,59 +0,0 @@
From bc55d220fe7fe7b377aa21d1e2c153d54716e4ec Mon Sep 17 00:00:00 2001
From: Avesh Agarwal <avagarwa@redhat.com>
Date: Tue, 10 Dec 2013 13:50:05 -0500
Subject: [PATCH 06/20] Fix prcoessing of nm-openswan-dialog.ui file and added
more error notifications.
---
properties/nm-openswan.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/properties/nm-openswan.c b/properties/nm-openswan.c
index c13de36..e164e85 100644
--- a/properties/nm-openswan.c
+++ b/properties/nm-openswan.c
@@ -462,7 +462,7 @@ save_one_password (NMSettingVPN *s_vpn,
const char *secret_key,
const char *type_key)
{
- NMSettingSecretFlags flags;
+ NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE;
const char *data_val = NULL, *password;
GtkWidget *entry, *combo;
@@ -577,6 +577,7 @@ nm_vpn_plugin_ui_widget_interface_new (NMConnection *connection, GError **error)
{
NMVpnPluginUiWidgetInterface *object;
OpenswanPluginUiWidgetPrivate *priv;
+ char *ui_file;
NMSettingVPN *s_vpn;
gboolean is_new = TRUE;
@@ -591,15 +592,23 @@ nm_vpn_plugin_ui_widget_interface_new (NMConnection *connection, GError **error)
priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (object);
+ ui_file = g_strdup_printf ("%s/%s", UIDIR, "nm-openswan-dialog.ui");
priv->builder = gtk_builder_new ();
g_assert (priv->builder);
gtk_builder_set_translation_domain (priv->builder, GETTEXT_PACKAGE);
- if (gtk_builder_add_from_file (priv->builder, UIDIR "/nm-openswan-dialog.ui", error) == 0) {
+ if (!gtk_builder_add_from_file (priv->builder, ui_file, error)) {
+ g_warning ("Couldn't load builder file: %s",
+ error && *error ? (*error)->message : "(unknown)");
+ g_clear_error (error);
+ g_set_error (error, OPENSWAN_PLUGIN_UI_ERROR, 0,
+ "could not load required resources at %s", ui_file);
+ g_free (ui_file);
g_object_unref (object);
return NULL;
}
+ g_free (ui_file);
priv->widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "openswan-vbox"));
if (!priv->widget) {
--
1.8.3.1

98
0007-openswan-libreswan-does-not-provide-tun0-interface-s.patch
View File

@ -1,98 +0,0 @@
From db46fa8f456b7b21ad259ffab4a5b4e51e8c5809 Mon Sep 17 00:00:00 2001
From: Avesh Agarwal <avagarwa@redhat.com>
Date: Tue, 10 Dec 2013 13:58:50 -0500
Subject: [PATCH 07/20] openswan/libreswan does not provide tun0 interface, so
fixed the code where it sends tun0 interface.
---
src/nm-openswan-service-helper.c | 26 ++++++++++++++++++++------
src/nm-openswan-service.h | 4 ++++
2 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c
index d0b4e19..35cd9d9 100644
--- a/src/nm-openswan-service-helper.c
+++ b/src/nm-openswan-service-helper.c
@@ -202,12 +202,13 @@ int
main (int argc, char *argv[])
{
DBusGConnection *connection;
- char *tmp;
+ char *tmp=NULL;
GHashTable *config;
GValue *val;
GError *err = NULL;
- //struct in_addr temp_addr;
+ struct in_addr temp_addr;
//long int mtu = 1412;
+ char nmask[16]="255.255.255.255";
#if !GLIB_CHECK_VERSION (2, 35, 0)
g_type_init ();
@@ -237,13 +238,25 @@ main (int argc, char *argv[])
else
helper_failed (connection, "Openswan Pluto Right Peer (VPN Gateway)");
+
+ /*
+ * Tunnel device
+ * Indicate that openswan plugin doesn't use tun/tap device
+ */
+ val = g_slice_new0 (GValue);
+ g_value_init (val, G_TYPE_STRING);
+ g_value_set_string (val, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV_NONE);
+ g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val);
+
+#if 0
/* Tunnel device */
//val = str_to_gvalue (getenv ("TUNDEV"), FALSE);
- val = str_to_gvalue ("tun0", FALSE);
+ //val = str_to_gvalue ("tun0", FALSE);
if (val)
g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val);
else
helper_failed (connection, "Tunnel Device");
+#endif
/* IP address */
val = addr_to_gvalue (getenv ("PLUTO_MY_SOURCEIP"));
@@ -258,9 +271,10 @@ main (int argc, char *argv[])
g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PTP, val);
else
helper_failed (connection, "IP4 PTP Address");
-#if 0
+//#if 0
/* Netmask */
- tmp = getenv ("INTERNAL_IP4_NETMASK");
+ //tmp = getenv ("INTERNAL_IP4_NETMASK");
+ tmp = nmask;
if (tmp && inet_pton (AF_INET, tmp, &temp_addr) > 0) {
GValue *value;
@@ -270,7 +284,7 @@ main (int argc, char *argv[])
g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, value);
}
-#endif
+//#endif
/* DNS */
val = addr_list_to_gvalue (getenv ("PLUTO_CISCO_DNS_INFO"));
diff --git a/src/nm-openswan-service.h b/src/nm-openswan-service.h
index cd79b43..0b6022d 100644
--- a/src/nm-openswan-service.h
+++ b/src/nm-openswan-service.h
@@ -54,6 +54,10 @@
#define NM_OPENSWAN_PW_TYPE_ASK "ask"
#define NM_OPENSWAN_PW_TYPE_UNUSED "unused"
+#ifndef NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV_NONE
+#define NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV_NONE "_none_"
+#endif
+
typedef struct {
NMVPNPlugin parent;
} NMOPENSWANPlugin;
--
1.8.3.1

52
0008-libreswan-related-fixes-as-some-macros-have-been-mod.patch
View File

@ -1,52 +0,0 @@
From 571c3af579c5753b82aab522486b6af45b27d7d8 Mon Sep 17 00:00:00 2001
From: Avesh Agarwal <avagarwa@redhat.com>
Date: Tue, 10 Dec 2013 14:01:00 -0500
Subject: [PATCH 08/20] libreswan related fixes, as some macros have been
modified after forking to libreswan from openswan.
---
src/nm-openswan-service-helper.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c
index 35cd9d9..07bc576 100644
--- a/src/nm-openswan-service-helper.c
+++ b/src/nm-openswan-service-helper.c
@@ -210,6 +210,7 @@ main (int argc, char *argv[])
//long int mtu = 1412;
char nmask[16]="255.255.255.255";
+
#if !GLIB_CHECK_VERSION (2, 35, 0)
g_type_init ();
#endif
@@ -217,7 +218,7 @@ main (int argc, char *argv[])
/* openswan gives us a "reason" code. If we are given one,
* don't proceed unless its "connect".
*/
- tmp = getenv ("openswan_reason");
+ tmp = getenv ("libreswan_reason");
if (tmp && strcmp (tmp, "connect") != 0)
exit (0);
@@ -287,7 +288,7 @@ main (int argc, char *argv[])
//#endif
/* DNS */
- val = addr_list_to_gvalue (getenv ("PLUTO_CISCO_DNS_INFO"));
+ val = addr_list_to_gvalue (getenv ("PLUTO_PEER_DNS_INFO"));
if (val)
g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DNS, val);
@@ -299,7 +300,7 @@ main (int argc, char *argv[])
#endif
/* Default domain */
- val = str_to_gvalue (getenv ("PLUTO_CISCO_DOMAIN_INFO"), TRUE);
+ val = str_to_gvalue (getenv ("PLUTO_PEER_DOMAIN_INFO"), TRUE);
if (val)
g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DOMAIN, val);
--
1.8.3.1

28
0009-Fixed-an-issue-where-writing-configuration-on-stdin-.patch
View File

@ -1,28 +0,0 @@
From 85774a1cd6f94e1d23ad0403bc912d4671503434 Mon Sep 17 00:00:00 2001
From: Avesh Agarwal <avagarwa@redhat.com>
Date: Tue, 10 Dec 2013 14:05:06 -0500
Subject: [PATCH 09/20] Fixed an issue where writing configuration on stdin
should not end with \n as it gives error. It used to work previously, but not
with latest NetworkManager versions.
---
src/nm-openswan-service.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c
index ec0553c..f9bea3d 100644
--- a/src/nm-openswan-service.c
+++ b/src/nm-openswan-service.c
@@ -577,7 +577,8 @@ nm_openswan_config_write (gint openswan_fd, NMSettingVPN *s_vpn,
write_config_option (fdtmp1, " nm_configured=yes\n");
//write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH);
- write_config_option (fdtmp1, " auto=add\n");
+ //write_config_option (fdtmp1, " auto=add\n");
+ write_config_option (fdtmp1, " auto=add");
//write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_VPN_SETTING_NAME));
//write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_NAME));
}
--
1.8.3.1

175
0010-Fixed-more-coverity-scan-issues.patch
View File

@ -1,175 +0,0 @@
From 0cae80518c6329f1575bf46b615123a5e034515a Mon Sep 17 00:00:00 2001
From: Avesh Agarwal <avagarwa@redhat.com>
Date: Tue, 10 Dec 2013 14:33:38 -0500
Subject: [PATCH 10/20] Fixed more coverity scan issues.
---
src/Makefile.am | 3 ---
src/nm-openswan-service-helper.c | 21 -------------------
src/nm-openswan-service.c | 44 ----------------------------------------
3 files changed, 68 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 12ce851..4f3e316 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -21,17 +21,14 @@ nm_openswan_service_SOURCES = \
nm-openswan-service.c \
nm-openswan-service.h
-
nm_openswan_service_LDADD = \
$(DBUS_LIBS) \
$(GTHREAD_LIBS) \
$(NM_LIBS)
-
nm_openswan_service_helper_SOURCES = \
nm-openswan-service-helper.c
-
nm_openswan_service_helper_LDADD = \
$(DBUS_LIBS) \
$(GTHREAD_LIBS) \
diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c
index 07bc576..e148b26 100644
--- a/src/nm-openswan-service-helper.c
+++ b/src/nm-openswan-service-helper.c
@@ -207,7 +207,6 @@ main (int argc, char *argv[])
GValue *val;
GError *err = NULL;
struct in_addr temp_addr;
- //long int mtu = 1412;
char nmask[16]="255.255.255.255";
@@ -292,12 +291,6 @@ main (int argc, char *argv[])
if (val)
g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DNS, val);
-#if 0
- /* WINS servers */
- val = addr_list_to_gvalue (getenv ("INTERNAL_IP4_NBNS"));
- if (val)
- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_NBNS, val);
-#endif
/* Default domain */
val = str_to_gvalue (getenv ("PLUTO_PEER_DOMAIN_INFO"), TRUE);
@@ -309,20 +302,6 @@ main (int argc, char *argv[])
if (val)
g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_BANNER, val);
-#if 0
- /* MTU */
- tmp = getenv ("INTERNAL_IP4_MTU");
- if (tmp && strlen (tmp)) {
- errno = 0;
- mtu = strtol (tmp, NULL, 10);
- if (errno || mtu < 0 || mtu > 20000) {
- g_warning ("Ignoring invalid tunnel MTU '%s'", tmp);
- mtu = 1412;
- }
- }
- val = uint_to_gvalue ((guint32) mtu);
- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_MTU, val);
-#endif
/* Send the config info to nm-openswan-service */
send_ip4_config (connection, config);
diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c
index f9bea3d..64792a6 100644
--- a/src/nm-openswan-service.c
+++ b/src/nm-openswan-service.c
@@ -308,11 +308,7 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error)
g_ptr_array_add (openswan_argv, (gpointer) "--add");
g_ptr_array_add (openswan_argv, (gpointer) "--config");
g_ptr_array_add (openswan_argv, (gpointer) "-");
- //g_ptr_array_add (openswan_argv, (gpointer) "--up");
- //g_ptr_array_add (openswan_argv, (gpointer) "--name");
g_ptr_array_add (openswan_argv, (gpointer) "nm-conn1");
- //g_ptr_array_add (openswan_argv, (gpointer) "--xauthpass");
- //g_ptr_array_add (openswan_argv, (gpointer) nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD));
g_ptr_array_add (openswan_argv, NULL);
if (!g_spawn_async_with_pipes (NULL, (char **) openswan_argv->pdata, NULL,
@@ -524,17 +520,11 @@ nm_openswan_config_write (gint openswan_fd, NMSettingVPN *s_vpn,
{
WriteConfigInfo *info;
const char *props_username;
- //const char *props_natt_mode;
const char *default_username;
const char *phase1_alg_str;
const char *phase2_alg_str;
- //const char *pw_type;
gint fdtmp1=-1;
- //gint conf_fd=-1;
- //gint secret_fd=-1;
- //conf_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.conf", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
- //secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
fdtmp1 = openswan_fd;
if(fdtmp1 != -1) {
@@ -576,49 +566,17 @@ nm_openswan_config_write (gint openswan_fd, NMSettingVPN *s_vpn,
}
write_config_option (fdtmp1, " nm_configured=yes\n");
- //write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH);
- //write_config_option (fdtmp1, " auto=add\n");
write_config_option (fdtmp1, " auto=add");
- //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_VPN_SETTING_NAME));
- //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_NAME));
}
- //default_username = nm_setting_vpn_get_user_name (s_vpn);
-
- /* Fill username if it's not present */
- /*props_username = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_LEFTXAUTHUSER);
- if ( default_username
- && strlen (default_username)
- && (!props_username || !strlen (props_username))) {
- write_config_option (openswan_fd,
- NM_OPENSWAN_LEFTXAUTHUSER " %s\n",
- default_username);
- }*/
-
info = g_malloc0 (sizeof (WriteConfigInfo));
- //info->fd = openswan_fd;
- //info->conf_fd = conf_fd;
info->conf_fd = openswan_fd;
- //info->secret_fd = secret_fd;
info->s_vpn = s_vpn;
- /* Check for ignored user password */
- /*pw_type = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES);
- if (pw_type && !strcmp (pw_type, NM_OPENSWAN_PW_TYPE_UNUSED))
- info->upw_ignored = TRUE;*/
-
- /* Check for ignored group password */
- /*pw_type = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_PSK_INPUT_MODES);
- if (pw_type && !strcmp (pw_type, NM_OPENSWAN_PW_TYPE_UNUSED))
- info->gpw_ignored = TRUE;*/
-
nm_setting_vpn_foreach_data_item (s_vpn, write_one_property, info);
- //nm_setting_vpn_foreach_secret (s_vpn, write_one_property, info);
*error = info->error;
- //close(conf_fd);
close(openswan_fd);
sleep(3);
- //close(secret_fd);
g_free (info);
return *error ? FALSE : TRUE;
@@ -807,8 +765,6 @@ real_disconnect (NMVPNPlugin *plugin,
}
g_ptr_array_free (openswan_argv, TRUE);
- //unlink("/etc/ipsec.d/ipsec-nm-conn1.conf");
- //unlink("/etc/ipsec.d/ipsec-nm-conn1.secrets");
return TRUE;
}
--
1.8.3.1

55
0011-Fixed-the-current-code-as-it-does-not-set-the-defaul.patch
View File

@ -1,55 +0,0 @@
From 9a5e803eac0f3bd30517a4e615271f0f1d97ca02 Mon Sep 17 00:00:00 2001
From: Avesh Agarwal <avagarwa@redhat.com>
Date: Tue, 10 Dec 2013 14:37:22 -0500
Subject: [PATCH 11/20] Fixed the current code as it does not set the default
route field NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT when sending VPN
information to nm-openswan plugin. This fix sets the field to TRUE.
---
src/nm-openswan-service-helper.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c
index e148b26..59d79f9 100644
--- a/src/nm-openswan-service-helper.c
+++ b/src/nm-openswan-service-helper.c
@@ -121,6 +121,17 @@ str_to_gvalue (const char *str, gboolean try_convert)
}
static GValue *
+bool_to_gvalue (gboolean b)
+{
+ GValue *val;
+
+ val = g_slice_new0 (GValue);
+ g_value_init (val, G_TYPE_BOOLEAN);
+ g_value_set_boolean (val, b);
+ return val;
+}
+
+static GValue *
uint_to_gvalue (guint32 num)
{
GValue *val;
@@ -252,6 +263,7 @@ main (int argc, char *argv[])
/* Tunnel device */
//val = str_to_gvalue (getenv ("TUNDEV"), FALSE);
//val = str_to_gvalue ("tun0", FALSE);
+ val = str_to_gvalue ("lo", FALSE);
if (val)
g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val);
else
@@ -302,6 +314,10 @@ main (int argc, char *argv[])
if (val)
g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_BANNER, val);
+ /* Routes */
+ /* No default route*/
+ g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT,
+ bool_to_gvalue (TRUE));
/* Send the config info to nm-openswan-service */
send_ip4_config (connection, config);
--
1.8.3.1

36
0012-Fixed-netmask-issue-when-sending-IP-information-to-t.patch
View File

@ -1,36 +0,0 @@
From 7917ed515f29f54847e3bf57b6b61e7097ed78e7 Mon Sep 17 00:00:00 2001
From: Avesh Agarwal <avagarwa@redhat.com>
Date: Tue, 10 Dec 2013 14:38:08 -0500
Subject: [PATCH 12/20] Fixed netmask issue when sending IP information to the
nm openswan plugin service.
---
src/nm-openswan-service-helper.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c
index 59d79f9..d521645 100644
--- a/src/nm-openswan-service-helper.c
+++ b/src/nm-openswan-service-helper.c
@@ -283,9 +283,8 @@ main (int argc, char *argv[])
g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PTP, val);
else
helper_failed (connection, "IP4 PTP Address");
-//#if 0
+
/* Netmask */
- //tmp = getenv ("INTERNAL_IP4_NETMASK");
tmp = nmask;
if (tmp && inet_pton (AF_INET, tmp, &temp_addr) > 0) {
GValue *value;
@@ -296,7 +295,6 @@ main (int argc, char *argv[])
g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, value);
}
-//#endif
/* DNS */
val = addr_list_to_gvalue (getenv ("PLUTO_PEER_DNS_INFO"));
--
1.8.3.1

68
0013-Fixed-more-libreswan-related-changes.patch
View File

@ -1,68 +0,0 @@
From 2581ac2914b666b427a90ea400e757ef41030bdd Mon Sep 17 00:00:00 2001
From: Avesh Agarwal <avagarwa@redhat.com>
Date: Tue, 10 Dec 2013 14:45:06 -0500
Subject: [PATCH 13/20] Fixed more libreswan related changes.
---
src/nm-openswan-service-helper.c | 7 +++----
src/nm-openswan-service.c | 8 ++++----
2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/nm-openswan-service-helper.c b/src/nm-openswan-service-helper.c
index d521645..cde7443 100644
--- a/src/nm-openswan-service-helper.c
+++ b/src/nm-openswan-service-helper.c
@@ -204,8 +204,8 @@ addr_list_to_gvalue (const char *str)
*
* PLUTO_PEER -- vpn gateway address
* PLUTO_MY_SOURCEIP -- address
- * PLUTO_CISCO_DNS_INFO -- list of dns serverss
- * PLUTO_CISCO_DOMAIN_INFO -- default domain name
+ * PLUTO_PEER_DNS_INFO -- list of dns serverss
+ * PLUTO_PEER_DOMAIN_INFO -- default domain name
* PLUTO_PEER_BANNER -- banner from server
*
*/
@@ -247,8 +247,7 @@ main (int argc, char *argv[])
if (val)
g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_GATEWAY, val);
else
- helper_failed (connection, "Openswan Pluto Right Peer (VPN Gateway)");
-
+ helper_failed (connection, "IPsec/Pluto Right Peer (VPN Gateway)");
/*
* Tunnel device
diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c
index 64792a6..d59c58f 100644
--- a/src/nm-openswan-service.c
+++ b/src/nm-openswan-service.c
@@ -860,15 +860,15 @@ main (int argc, char *argv[])
g_option_context_parse (opt_ctx, &argc, &argv, NULL);
g_option_context_free (opt_ctx);
- if (getenv ("OPENSWAN_DEBUG"))
+ if (getenv ("IPSEC_DEBUG"))
debug = TRUE;
if (debug)
- g_message ("nm-openswan-service (version " DIST_VERSION ") starting...");
+ g_printf ("nm-openswan-service (version " DIST_VERSION ") starting...\n");
plugin = nm_openswan_plugin_new ();
if (!plugin)
- exit (1);
+ exit (EXIT_FAILURE);
loop = g_main_loop_new (NULL, FALSE);
@@ -881,5 +881,5 @@ main (int argc, char *argv[])
g_main_loop_unref (loop);
g_object_unref (plugin);
- exit (0);
+ exit (EXIT_SUCCESS);
}
--
1.8.3.1

27
0014-Fixed-an-issue-where-nm-openswan-service-is-searchin.patch
View File

@ -1,27 +0,0 @@
From fdd136923c77b71080f2ccb2c0fe0a5234e73c1c Mon Sep 17 00:00:00 2001
From: Avesh Agarwal <avagarwa@redhat.com>
Date: Tue, 10 Dec 2013 14:47:14 -0500
Subject: [PATCH 14/20] Fixed an issue where nm-openswan service is searching
for ipsec binary in both /sbin and /usr/sbin leading to same operation twice,
as /sbin is just symlink to /usr/sbin, so removed /sbin from the search
paths.
---
src/nm-openswan-service.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c
index d59c58f..7f1a9c9 100644
--- a/src/nm-openswan-service.c
+++ b/src/nm-openswan-service.c
@@ -57,7 +57,6 @@ typedef struct {
static const char *openswan_binary_paths[] =
{
"/usr/sbin/ipsec",
- "/sbin/ipsec",
"/usr/local/sbin/ipsec",
NULL
};
--
1.8.3.1

131
0015-Rewrite-pluto-watch-API-which-watches-the-pluto-proc.patch
View File

@ -1,131 +0,0 @@
From 24e2b36b20f2b6d42f715618e13c2919ad0fc51c Mon Sep 17 00:00:00 2001
From: Avesh Agarwal <avagarwa@redhat.com>
Date: Tue, 10 Dec 2013 15:04:09 -0500
Subject: [PATCH 15/20] Rewrite pluto watch API which watches the pluto process
for its status. Fixed memory leak issues as not all child processes were
reaped correctly. Also g_spwan_close_pid was not being called after children
were reaped. Also modified debugs and added more to help with debugging in
the future.
---
src/nm-openswan-service.c | 52 +++++++++++++++++++++++++++--------------------
1 file changed, 30 insertions(+), 22 deletions(-)
diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c
index 7f1a9c9..b73ab1f 100644
--- a/src/nm-openswan-service.c
+++ b/src/nm-openswan-service.c
@@ -207,30 +207,33 @@ nm_openswan_secrets_validate (NMSettingVPN *s_vpn, GError **error)
}
static void
-openswan_watch_cb_auto (GPid pid, gint status, gpointer user_data)
+pluto_watch_cb (GPid pid, gint status, gpointer user_data)
{
NMOPENSWANPlugin *plugin = NM_OPENSWAN_PLUGIN (user_data);
NMOPENSWANPluginPrivate *priv = NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin);
guint error = 0;
+ if(debug)
+ g_printf("pluto_watch: current child pid = %d, pluto pid=%d\n", pid, priv->pid);
+
if (WIFEXITED (status)) {
error = WEXITSTATUS (status);
if (error != 0)
- g_warning ("openswan: ipsec auto exited with error code %d", error);
+ g_printf ("pluto_watch: pluto exited with error code %d\n", error);
}
else if (WIFSTOPPED (status))
- g_warning ("openswan: ipsec auto stopped unexpectedly with signal %d", WSTOPSIG (status));
+ g_printf ("pluto_watch: pluto stopped unexpectedly with signal %d\n", WSTOPSIG (status));
else if (WIFSIGNALED (status))
- g_warning ("openswan: ipsec auto died with signal %d", WTERMSIG (status));
+ g_printf ("pluto_watch: pluto died with signal %d\n", WTERMSIG (status));
else
- g_warning ("openswan: ipsec auto died from an unknown cause");
+ g_printf ("pluto_watch: pluto died from an unknown cause\n");
/* Reap child if needed. */
- //waitpid (priv->pid_auto, NULL, WNOHANG);
- //priv->pid_auto = 0;
+ waitpid (pid, NULL, WNOHANG);
+
+ if(debug)
+ g_printf ("pluto_watch: reaped child pid =%d\n", pid);
- waitpid (priv->pid, NULL, WNOHANG);
- priv->pid = 0;
/* Must be after data->state is set since signals use data->state */
switch (error) {
@@ -246,18 +249,29 @@ openswan_watch_cb_auto (GPid pid, gint status, gpointer user_data)
break;
}
- nm_vpn_plugin_set_state (NM_VPN_PLUGIN (plugin), NM_VPN_SERVICE_STATE_STOPPED);
+ if(pid == priv->pid || error) {
+ priv->pid = 0;
+
+ if(debug)
+ g_printf ("pluto_watch: nm pluto service is stopping\n");
+
+ nm_vpn_plugin_set_state (NM_VPN_PLUGIN (plugin), NM_VPN_SERVICE_STATE_STOPPED);
+ }
+
+ if(debug)
+ g_printf ("pluto_watch: nm pluto service will continue after reaping a child\n");
+
+ /*closing pid*/
+ g_spawn_close_pid(pid);
}
static gint
-//nm_openswan_start_openswan_binary (NMSettingVPN *s_vpn, NMOPENSWANPlugin *plugin, GError **error)
nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error)
{
GPid pid, pid_auto;
const char **openswan_binary = NULL;
GPtrArray *openswan_argv;
- GSource *openswan_watch;
gint stdin_fd;
/* Find openswan ipsec */
@@ -293,11 +307,8 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error)
g_message ("openswan: ipsec started with pid %d", pid);
- NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid = pid;
- openswan_watch = g_child_watch_source_new (pid);
- g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL);
- g_source_attach (openswan_watch, NULL);
- g_source_unref (openswan_watch);
+ NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid = pid;
+ g_child_watch_add(pid, (GChildWatchFunc) pluto_watch_cb, plugin);
sleep(2);
@@ -322,11 +333,7 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error)
g_message ("openswan: ipsec auto started with pid %d", pid_auto);
- /*NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto;
- openswan_watch = g_child_watch_source_new (pid_auto);
- g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL);
- g_source_attach (openswan_watch, NULL);
- g_source_unref (openswan_watch);*/
+ g_child_watch_add(pid_auto, (GChildWatchFunc) pluto_watch_cb, plugin);
return stdin_fd;
}
@@ -376,6 +383,7 @@ nm_openswan_start_openswan_connection (NMOPENSWANPlugin *plugin, GError **error)
g_ptr_array_free (openswan_argv, TRUE);
sleep(3);
+ g_child_watch_add(pid, (GChildWatchFunc) pluto_watch_cb, plugin);
g_message ("openswan: ipsec auto connection started with pid %d", pid);
--
1.8.3.1

28
0016-Fixed-defaults-values-for-more-parameters-to-help-th.patch
View File

@ -1,28 +0,0 @@
From dde144e924005c3048061b4d758019a1358ac505 Mon Sep 17 00:00:00 2001
From: Avesh Agarwal <avagarwa@redhat.com>
Date: Tue, 10 Dec 2013 15:05:25 -0500
Subject: [PATCH 16/20] Fixed defaults values for more parameters to help the
VPN connection stay more reliable.
---
src/nm-openswan-service.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c
index b73ab1f..b807bcc 100644
--- a/src/nm-openswan-service.c
+++ b/src/nm-openswan-service.c
@@ -573,6 +573,10 @@ nm_openswan_config_write (gint openswan_fd, NMSettingVPN *s_vpn,
}
write_config_option (fdtmp1, " nm_configured=yes\n");
+ write_config_option (fdtmp1, " rekey=yes\n");
+ write_config_option (fdtmp1, " salifetime=24h\n");
+ write_config_option (fdtmp1, " ikelifetime=24h\n");
+ write_config_option (fdtmp1, " keyingtries=1\n");
write_config_option (fdtmp1, " auto=add");
}
--
1.8.3.1

50
0017-Fixed-initiation-of-pluto-daemon-by-this-plugin-to-r.patch
View File

@ -1,50 +0,0 @@
From 9dadb938c40e4d56fea6c6d55f3c9b90e776fb62 Mon Sep 17 00:00:00 2001
From: Avesh Agarwal <avagarwa@redhat.com>
Date: Tue, 10 Dec 2013 15:21:54 -0500
Subject: [PATCH 17/20] Fixed initiation of pluto daemon by this plugin to
reflect the changes in libreaswan.
---
src/nm-openswan-service.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c
index b807bcc..f205c1d 100644
--- a/src/nm-openswan-service.c
+++ b/src/nm-openswan-service.c
@@ -49,7 +49,6 @@ G_DEFINE_TYPE (NMOPENSWANPlugin, nm_openswan_plugin, NM_TYPE_VPN_PLUGIN)
typedef struct {
GPid pid;
- GPid pid_auto;
} NMOPENSWANPluginPrivate;
#define NM_OPENSWAN_PLUGIN_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), NM_TYPE_OPENSWAN_PLUGIN, NMOPENSWANPluginPrivate))
@@ -291,14 +290,20 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error)
return -1;
}
- openswan_argv = g_ptr_array_new ();
- g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary));
- g_ptr_array_add (openswan_argv, (gpointer) "setup");
+ /*openswan_argv = g_ptr_array_new ();
g_ptr_array_add (openswan_argv, (gpointer) "start");
g_ptr_array_add (openswan_argv, NULL);
+ g_ptr_array_free (openswan_argv, TRUE);*/
+ openswan_argv = g_ptr_array_new ();
+ g_ptr_array_add (openswan_argv, (gpointer) "/usr/libexec/ipsec/pluto");
+ g_ptr_array_add (openswan_argv, (gpointer) "--config");
+ g_ptr_array_add (openswan_argv, (gpointer) "/etc/ipsec.conf");
+ g_ptr_array_add (openswan_argv, (gpointer) "--nofork");
+ g_ptr_array_add (openswan_argv, NULL);
+
if (!g_spawn_async (NULL, (char **) openswan_argv->pdata, NULL,
- 0, NULL, NULL, &pid, error)) {
+ G_SPAWN_DO_NOT_REAP_CHILD, NULL, NULL, &pid, error)) {
g_ptr_array_free (openswan_argv, TRUE);
g_warning ("openswan ipsec failed to start. error: '%s'", (*error)->message);
return -1;
--
1.8.3.1

103
0018-Fixed-various-debug-messages.patch
View File

@ -1,103 +0,0 @@
From 9ef10efa0905b22395987d99b26b8d5cbebd03ba Mon Sep 17 00:00:00 2001
From: Avesh Agarwal <avagarwa@redhat.com>
Date: Tue, 10 Dec 2013 15:23:59 -0500
Subject: [PATCH 18/20] Fixed various debug messages.
---
src/nm-openswan-service.c | 25 +++++++++++++------------
1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c
index f205c1d..fffd020 100644
--- a/src/nm-openswan-service.c
+++ b/src/nm-openswan-service.c
@@ -305,12 +305,12 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error)
if (!g_spawn_async (NULL, (char **) openswan_argv->pdata, NULL,
G_SPAWN_DO_NOT_REAP_CHILD, NULL, NULL, &pid, error)) {
g_ptr_array_free (openswan_argv, TRUE);
- g_warning ("openswan ipsec failed to start. error: '%s'", (*error)->message);
+ g_printf ("pluto failed to start. error: '%s'\n", (*error)->message);
return -1;
}
g_ptr_array_free (openswan_argv, TRUE);
- g_message ("openswan: ipsec started with pid %d", pid);
+ g_printf ("ipsec/pluto started with pid %d\n", pid);
NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid = pid;
g_child_watch_add(pid, (GChildWatchFunc) pluto_watch_cb, plugin);
@@ -331,20 +331,19 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error)
NULL, NULL, error)) {
g_ptr_array_free (openswan_argv, TRUE);
- g_warning ("openswan: ipsec auto failed to start. error: '%s'", (*error)->message);
+ g_printf ("ipsec auto add failed with error: '%s'\n", (*error)->message);
return -1;
}
g_ptr_array_free (openswan_argv, TRUE);
- g_message ("openswan: ipsec auto started with pid %d", pid_auto);
+ if(debug)
+ g_printf ("pluto auto started with pid %d\n", pid_auto);
g_child_watch_add(pid_auto, (GChildWatchFunc) pluto_watch_cb, plugin);
return stdin_fd;
}
-
-
static gint
nm_openswan_start_openswan_connection (NMOPENSWANPlugin *plugin, GError **error)
{
@@ -382,15 +381,17 @@ nm_openswan_start_openswan_connection (NMOPENSWANPlugin *plugin, GError **error)
NULL, NULL, error)) {
g_ptr_array_free (openswan_argv, TRUE);
- g_warning ("openswan: ipsec auto connection failed to start. error: '%s'", (*error)->message);
+ g_printf ("ipsec/pluto auto connection failed to start. error: '%s'\n", (*error)->message);
return -1;
}
g_ptr_array_free (openswan_argv, TRUE);
- sleep(3);
+ if(debug)
+ g_printf ("pluto up started with pid %d\n", pid);
+
g_child_watch_add(pid, (GChildWatchFunc) pluto_watch_cb, plugin);
- g_message ("openswan: ipsec auto connection started with pid %d", pid);
+ //sleep(3);
return stdin_fd;
}
@@ -408,7 +409,7 @@ write_config_option (int fd, const char *format, ...)
g_print ("Config: %s", string);
if ( write (fd, string, strlen (string)) == -1) {
- g_warning ("nm-openswan: error in write_config_option");
+ g_printf ("nm-openswan: error in write_config_option\n");
}
g_free (string);
@@ -521,7 +522,7 @@ write_one_property (const char *key, const char *value, gpointer user_data)
/* ignored */
} else {
/* Just ignore unknown properties */
- g_warning ("Don't know how to write property '%s' with type %s",
+ g_printf ("Don't know how to write property '%s' with type %s\n",
(char *) key, g_type_name (type));
}
}
@@ -676,7 +677,7 @@ real_connect (NMVPNPlugin *plugin,
if (openswan_fd < 0)
goto out;
- write_config_option (openswan_fd, "%s", nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD));
+ write_config_option (openswan_fd, "%s", nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD));
close(openswan_fd);
openswan_fd=-1;
--
1.8.3.1

44
0019-Fixed-the-termination-operation-of-pluto-daemon-to-c.patch
View File

@ -1,44 +0,0 @@
From 27c17d7d805ad87632872cf2ded5237fc59159dd Mon Sep 17 00:00:00 2001
From: Avesh Agarwal <avagarwa@redhat.com>
Date: Tue, 10 Dec 2013 15:25:35 -0500
Subject: [PATCH 19/20] Fixed the termination operation of pluto daemon to
comply with libreswan changes.
---
src/nm-openswan-service.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c
index fffd020..af541bd 100644
--- a/src/nm-openswan-service.c
+++ b/src/nm-openswan-service.c
@@ -769,20 +769,21 @@ real_disconnect (NMVPNPlugin *plugin,
}
openswan_argv = g_ptr_array_new ();
- g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary));
- g_ptr_array_add (openswan_argv, (gpointer) "setup");
- g_ptr_array_add (openswan_argv, (gpointer) "stop");
+ g_ptr_array_add (openswan_argv, (gpointer) "/usr/libexec/ipsec/whack");
+ g_ptr_array_add (openswan_argv, (gpointer) "--shutdown");
+ //g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary));
+ //g_ptr_array_add (openswan_argv, (gpointer) "setup");
+ //g_ptr_array_add (openswan_argv, (gpointer) "stop");
g_ptr_array_add (openswan_argv, NULL);
if (!g_spawn_async (NULL, (char **) openswan_argv->pdata, NULL,
0, NULL, NULL, NULL, error)) {
g_ptr_array_free (openswan_argv, TRUE);
- g_warning ("Openswan (pluto) failed to stop. error: '%s'", (*error)->message);
+ g_printf ("ipsec (pluto) failed to stop. error: '%s'\n", (*error)->message);
return -1;
}
g_ptr_array_free (openswan_argv, TRUE);
-
return TRUE;
}
--
1.8.3.1

39
0020-Fixed-an-issue-where-proper-network-stack-is-not-loa.patch
View File

@ -1,39 +0,0 @@
From 7559f06152549e0c457d08c67f2d3088b37c6ccf Mon Sep 17 00:00:00 2001
From: Avesh Agarwal <avagarwa@redhat.com>
Date: Tue, 10 Dec 2013 16:56:18 -0500
Subject: [PATCH 20/20] Fixed an issue where proper network stack is not loaded
unless _stackmanager is run before starting pluto daemon service.
---
src/nm-openswan-service.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c
index af541bd..f6afee5 100644
--- a/src/nm-openswan-service.c
+++ b/src/nm-openswan-service.c
@@ -290,11 +290,19 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error)
return -1;
}
- /*openswan_argv = g_ptr_array_new ();
+ openswan_argv = g_ptr_array_new ();
+ g_ptr_array_add (openswan_argv, (gpointer) "/usr/libexec/ipsec/_stackmanager");
g_ptr_array_add (openswan_argv, (gpointer) "start");
g_ptr_array_add (openswan_argv, NULL);
- g_ptr_array_free (openswan_argv, TRUE);*/
+ if (!g_spawn_sync (NULL, (char **) openswan_argv->pdata, NULL,
+ 0, NULL, NULL, NULL, NULL, NULL, error)) {
+ g_ptr_array_free (openswan_argv, TRUE);
+ g_printf ("pluto _stackmanager failed with error: '%s'\n", (*error)->message);
+ return -1;
+ }
+ g_ptr_array_free (openswan_argv, TRUE);
+
openswan_argv = g_ptr_array_new ();
g_ptr_array_add (openswan_argv, (gpointer) "/usr/libexec/ipsec/pluto");
g_ptr_array_add (openswan_argv, (gpointer) "--config");
--
1.8.3.1

78
NetworkManager-openswan.spec
View File

@ -1,49 +1,23 @@
#%define nm_version 1:0.9.8 #%define nm_version 1:0.9.9.95
%define realversion 0.9.8.4 %define realversion 1.0.0
Summary: NetworkManager VPN plug-in for openswan Summary: NetworkManager VPN plug-in for openswan and libreswan
Name: NetworkManager-openswan Name: NetworkManager-openswan
Version: 0.9.8.4 Version: 1.0.0
Release: 4%{?dist} Release: 1%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
URL: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.9/ URL: https://download.gnome.org/sources/NetworkManager-openswan/1.0/
Source0: http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openswan/0.9/%{name}-%{realversion}.tar.xz Source0: https://download.gnome.org/sources/NetworkManager-openswan/1.0/%{name}-%{realversion}.tar.xz
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
Patch1: 0001-NM-openswan-was-missing-support-for-nm-openswan-auth.patch
Patch2: 0002-Fixed-gtk-label-max-width-issue-by-setting-it-to-35.patch
Patch3: 0003-Fixed-Networkmanager-and-related-lib-dependencies.patch
Patch4: 0004-Fixed-gnomekeyring-lib-dependencies.patch
Patch5: 0005-Fixed-dead-code-based-on-coverity-scan.patch
Patch6: 0006-Fix-prcoessing-of-nm-openswan-dialog.ui-file-and-add.patch
Patch7: 0007-openswan-libreswan-does-not-provide-tun0-interface-s.patch
Patch8: 0008-libreswan-related-fixes-as-some-macros-have-been-mod.patch
Patch9: 0009-Fixed-an-issue-where-writing-configuration-on-stdin-.patch
Patch10: 0010-Fixed-more-coverity-scan-issues.patch
Patch11: 0011-Fixed-the-current-code-as-it-does-not-set-the-defaul.patch
Patch12: 0012-Fixed-netmask-issue-when-sending-IP-information-to-t.patch
Patch13: 0013-Fixed-more-libreswan-related-changes.patch
Patch14: 0014-Fixed-an-issue-where-nm-openswan-service-is-searchin.patch
Patch15: 0015-Rewrite-pluto-watch-API-which-watches-the-pluto-proc.patch
Patch16: 0016-Fixed-defaults-values-for-more-parameters-to-help-th.patch
Patch17: 0017-Fixed-initiation-of-pluto-daemon-by-this-plugin-to-r.patch
Patch18: 0018-Fixed-various-debug-messages.patch
Patch19: 0019-Fixed-the-termination-operation-of-pluto-daemon-to-c.patch
Patch20: 0020-Fixed-an-issue-where-proper-network-stack-is-not-loa.patch
Patch21: nm-openswan-1035786-1040924.patch
BuildRequires: gtk3-devel BuildRequires: gtk3-devel
BuildRequires: dbus-devel BuildRequires: dbus-devel
BuildRequires: NetworkManager-devel
BuildRequires: NetworkManager-glib-devel
BuildRequires: NetworkManager-devel >= %{nm_version} BuildRequires: NetworkManager-devel >= %{nm_version}
BuildRequires: NetworkManager-glib-devel >= %{nm_version} BuildRequires: NetworkManager-glib-devel >= %{nm_version}
%if 0%{?fedora} > 16 || 0%{?rhel} >= 7 BuildRequires: libnm-gtk-devel >= %{nm_version}
BuildRequires: libgnome-keyring-devel BuildRequires: libsecret-devel
%else
BuildRequires: gnome-keyring-devel
%endif
BuildRequires: intltool gettext BuildRequires: intltool gettext
Requires: NetworkManager >= %{nm_version} Requires: NetworkManager >= %{nm_version}
@ -52,18 +26,17 @@ Requires: gtk3
Requires: dbus Requires: dbus
Requires: libreswan Requires: libreswan
Requires: shared-mime-info Requires: shared-mime-info
#Requires: nm-connection-editor
%global _privatelibs libnm-openswan-properties[.]so.* %global _privatelibs libnm-openswan-properties[.]so.*
%global __provides_exclude ^(%{_privatelibs})$ %global __provides_exclude ^(%{_privatelibs})$
%global __requires_exclude ^(%{_privatelibs})$ %global __requires_exclude ^(%{_privatelibs})$
%description %description
This package contains software for integrating the openswan VPN software This package contains software for integrating the openswan/libreswan VPN software
with NetworkManager and the GNOME desktop with NetworkManager and the GNOME desktop
%package -n NetworkManager-openswan-gnome %package -n NetworkManager-openswan-gnome
Summary: NetworkManager VPN plugin for openswan - GNOME files Summary: NetworkManager VPN plugin for openswan/libreswan - GNOME files
Group: System Environment/Base Group: System Environment/Base
Requires: NetworkManager-openswan = %{version}-%{release} Requires: NetworkManager-openswan = %{version}-%{release}
@ -75,27 +48,6 @@ the openswan/libreswan server with NetworkManager (GNOME files).
%prep %prep
%setup -q -n NetworkManager-openswan-%{realversion} %setup -q -n NetworkManager-openswan-%{realversion}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%build %build
autoreconf autoreconf
@ -106,7 +58,7 @@ make %{?_smp_mflags}
make install DESTDIR=$RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT
rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.la rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.la
rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.a rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.a
mv %{buildroot}%{_libexecdir}/nm-openswan-service-helper %{buildroot}%{_libexecdir}/nm-libreswan-service-helper ln -sf %{_libexecdir}/nm-openswan-service-helper %{buildroot}%{_libexecdir}/nm-libreswan-service-helper
%find_lang %{name} %find_lang %{name}
@ -127,10 +79,9 @@ rm -rf $RPM_BUILD_ROOT
%{_sysconfdir}/dbus-1/system.d/nm-openswan-service.conf %{_sysconfdir}/dbus-1/system.d/nm-openswan-service.conf
%{_sysconfdir}/NetworkManager/VPN/nm-openswan-service.name %{_sysconfdir}/NetworkManager/VPN/nm-openswan-service.name
%{_libexecdir}/nm-openswan-service %{_libexecdir}/nm-openswan-service
%{_libexecdir}/nm-openswan-service-helper
%{_libexecdir}/nm-libreswan-service-helper %{_libexecdir}/nm-libreswan-service-helper
%{_datadir}/applications/nm-openswan-auth-dialog.desktop %{_datadir}/applications/nm-openswan-auth-dialog.desktop
#%dir %{_datadir}/gnome-vpn-properties/openswan
#%{_datadir}/gnome-vpn-properties/openswan/nm-openswan-dialog.ui
%files -n NetworkManager-openswan-gnome %files -n NetworkManager-openswan-gnome
%doc AUTHORS ChangeLog COPYING %doc AUTHORS ChangeLog COPYING
@ -140,6 +91,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog %changelog
* Mon Dec 22 2014 Dan Williams <dcbw@redhat.com> - 1.0.0-1
- Update to 1.0
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.8.4-4 * Fri Aug 15 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.8.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

30
nm-openswan-1035786-1040924.patch
View File

@ -1,30 +0,0 @@
commit 044bd7593961389f24b1fdab7849f86da9f96246
Author: Avesh Agarwal <avagarwa@redhat.com>
Date: Thu Dec 12 14:55:26 2013 -0500
Fixes for rhbz#1035786 (and its duplicate: rhbz#1040924).
The patch is from here:
https://bug720319.bugzilla-attachments.gnome.org/attachment.cgi?id=264063
Just did minor modifcation.
diff --git a/properties/nm-openswan.c b/properties/nm-openswan.c
index e164e85..7bb1413 100644
--- a/properties/nm-openswan.c
+++ b/properties/nm-openswan.c
@@ -580,6 +580,7 @@ nm_vpn_plugin_ui_widget_interface_new (NMConnection *connection, GError **error)
char *ui_file;
NMSettingVPN *s_vpn;
gboolean is_new = TRUE;
+ const char *object_ids[] = { "openswan-vbox", "model1", "model2", NULL };
if (error)
g_return_val_if_fail (*error == NULL, NULL);
@@ -598,7 +599,7 @@ nm_vpn_plugin_ui_widget_interface_new (NMConnection *connection, GError **error)
gtk_builder_set_translation_domain (priv->builder, GETTEXT_PACKAGE);
- if (!gtk_builder_add_from_file (priv->builder, ui_file, error)) {
+ if (!gtk_builder_add_objects_from_file (priv->builder, ui_file, object_ids, error)) {
g_warning ("Couldn't load builder file: %s",
error && *error ? (*error)->message : "(unknown)");
g_clear_error (error);

3
sources
View File

@ -1,2 +1 @@
4aafa86d4203bb2b51c93165db165086 NetworkManager-openswan-0.9.8.4.sha256sum 2294c870a370e61ba1fa58149d89aa4c NetworkManager-openswan-1.0.0.tar.xz
6cb2b64bc79c4174856613d077667b66 NetworkManager-openswan-0.9.8.4.tar.xz