From f98504abadb63099b7f166dc9a551a8720686006 Mon Sep 17 00:00:00 2001 From: avesh agarwal Date: Thu, 8 Jul 2010 20:14:15 +0000 Subject: [PATCH] - Modified the patch so that it does not pass user password to "ipsec whack" command. --- NetworkManager-openswan.spec | 6 ++- nm-secret-whack.patch | 92 +++++++----------------------------- 2 files changed, 23 insertions(+), 75 deletions(-) diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index c312e34..2bd3b10 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -6,7 +6,7 @@ Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan Version: 0.8.0 -Release: 2%{snapshot}%{?dist} +Release: 3%{snapshot}%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://people.redhat.com/avagarwa/files/NetworkManager-openswan/ @@ -76,6 +76,10 @@ rm -rf $RPM_BUILD_ROOT %dir %{_datadir}/gnome-vpn-properties/openswan %changelog +* Thu Jul 8 2010 Avesh Agarwal - 0.8.0-3.20100411git +- Modified the patch so that it does not pass user password to + "ipsec whack" command. + * Thu Jul 8 2010 Avesh Agarwal - 0.8.0-2.20100411git - Modified to initiate VPN connections with openswan whack interface - Fixed the issue of world readable conf and secret files diff --git a/nm-secret-whack.patch b/nm-secret-whack.patch index 8bcea5e..d4ef8f4 100644 --- a/nm-secret-whack.patch +++ b/nm-secret-whack.patch 
@@ -231,65 +231,37 @@ diff -urNp NetworkManager-openswan-0.8-orig/properties/nm-openswan-dialog.glade diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkManager-openswan-0.8/src/nm-openswan-service.c --- NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c 2010-06-04 17:50:13.000000000 -0400 -+++ NetworkManager-openswan-0.8/src/nm-openswan-service.c 2010-07-08 11:39:24.904302790 -0400 -@@ -202,14 +202,14 @@ openswan_watch_cb_auto (GPid pid, gint s - if (WIFEXITED (status)) { - error = WEXITSTATUS (status); - if (error != 0) -- nm_warning ("openswan: ipsec auto exited with error code %d", error); -+ nm_warning ("openswan: ipsec whack exited with error code %d", error); - } - else if (WIFSTOPPED (status)) -- nm_warning ("openswan: ipsec auto stopped unexpectedly with signal %d", WSTOPSIG (status)); -+ nm_warning ("openswan: ipsec whack stopped unexpectedly with signal %d", WSTOPSIG (status)); - else if (WIFSIGNALED (status)) -- nm_warning ("openswan: ipsec auto died with signal %d", WTERMSIG (status)); -+ nm_warning ("openswan: ipsec whack died with signal %d", WTERMSIG (status)); - else -- nm_warning ("openswan: ipsec auto died from an unknown cause"); -+ nm_warning ("openswan: ipsec whack died from an unknown cause"); - - /* Reap child if needed. 
*/ - waitpid (priv->pid_auto, NULL, WNOHANG); -@@ -218,7 +218,7 @@ openswan_watch_cb_auto (GPid pid, gint s ++++ NetworkManager-openswan-0.8/src/nm-openswan-service.c 2010-07-08 16:05:26.372305285 -0400 +@@ -218,6 +218,7 @@ openswan_watch_cb_auto (GPid pid, gint s static gint --nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) -+nm_openswan_start_openswan_binary (NMSettingVPN *s_vpn, NMOPENSWANPlugin *plugin, GError **error) ++//nm_openswan_start_openswan_binary (NMSettingVPN *s_vpn, NMOPENSWANPlugin *plugin, GError **error) + nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) { GPid pid, pid_auto; - const char **openswan_binary = NULL; -@@ -259,12 +259,14 @@ nm_openswan_start_openswan_binary (NMOPE +@@ -259,12 +260,14 @@ nm_openswan_start_openswan_binary (NMOPE sleep(2); - /*ipsec auto --up */ openswan_argv = g_ptr_array_new (); g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary)); -- g_ptr_array_add (openswan_argv, (gpointer) "auto"); -- g_ptr_array_add (openswan_argv, (gpointer) "--up"); -+ g_ptr_array_add (openswan_argv, (gpointer) "whack"); -+ g_ptr_array_add (openswan_argv, (gpointer) "--initiate"); -+ g_ptr_array_add (openswan_argv, (gpointer) "--name"); + g_ptr_array_add (openswan_argv, (gpointer) "auto"); + g_ptr_array_add (openswan_argv, (gpointer) "--up"); ++ //g_ptr_array_add (openswan_argv, (gpointer) "--name"); g_ptr_array_add (openswan_argv, (gpointer) "nm-conn1"); -+ g_ptr_array_add (openswan_argv, (gpointer) "--xauthpass"); -+ g_ptr_array_add (openswan_argv, (gpointer) nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); ++ //g_ptr_array_add (openswan_argv, (gpointer) "--xauthpass"); ++ //g_ptr_array_add (openswan_argv, (gpointer) nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); g_ptr_array_add (openswan_argv, NULL); if (!g_spawn_async_with_pipes (NULL, (char **) openswan_argv->pdata, NULL, -@@ -272,18 +274,18 @@ nm_openswan_start_openswan_binary (NMOPE - NULL, 
NULL, error)) { - - g_ptr_array_free (openswan_argv, TRUE); -- nm_warning ("openswan: ipsec auto failed to start. error: '%s'", (*error)->message); -+ nm_warning ("openswan: ipsec whack failed to start. error: '%s'", (*error)->message); - return -1; +@@ -277,13 +280,13 @@ nm_openswan_start_openswan_binary (NMOPE } g_ptr_array_free (openswan_argv, TRUE); - nm_info ("openswan: ipsec auto started with pid %d", pid_auto); -+ nm_info ("openswan: ipsec whack started with pid %d", pid_auto); ++ nm_info ("openswan: ipsec auto started with pid %d", pid_auto); - NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto; - openswan_watch = g_child_watch_source_new (pid_auto); @@ -304,18 +276,7 @@ diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkMan return stdin_fd; } -@@ -318,8 +320,8 @@ write_one_property (const char *key, con - WriteConfigInfo *info = (WriteConfigInfo *) user_data; - GType type = G_TYPE_INVALID; - int i; -- const char *default_username; -- const char *props_username; -+ //const char *default_username; -+ //const char *props_username; - const char *leftid; - - if (info->error) -@@ -365,19 +367,19 @@ write_one_property (const char *key, con +@@ -365,7 +368,7 @@ write_one_property (const char *key, con //write_config_option (info->fd, "%s %s\n", (char *) key, (char *) value); if (!strcmp (key, NM_OPENSWAN_PSK_VALUE)) { 
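Review bot: The updated patch keeps the argv-based password path as commented-out code instead of deleting it: the `//nm_openswan_start_openswan_binary (NMSettingVPN *s_vpn, ...)` signature and the `//g_ptr_array_add` lines for `--name`, `--xauthpass` and `nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)` are all added as `//` comments. I would drop these lines from the patch and put one comment above the argv construction, e.g. `/* Never add the XAUTH password to argv: process arguments are visible to other local users. */`, so the reason is recorded and the old lines cannot be re-enabled by uncommenting. The `nm_info ("openswan: ipsec auto started with pid %d", pid_auto);` line appears to be both removed and re-added by the new patch with the same visible text, which looks like a whitespace-only change that could be dropped as well. nm_openswan_start_openswan_binary starts and ends outside these hunks.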
@@ -324,21 +285,7 @@ diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkMan write_config_option (info->secret_fd, "@%s: PSK \"%s\"\n", leftid, (char *) value); } - if (!strcmp (key, NM_OPENSWAN_XAUTH_PASSWORD)) { -- default_username = nm_setting_vpn_get_user_name (info->s_vpn); -+ /*default_username = nm_setting_vpn_get_user_name (info->s_vpn); - props_username = nm_setting_vpn_get_data_item (info->s_vpn, NM_OPENSWAN_LEFTXAUTHUSER); - if ( default_username && strlen (default_username) - && (!props_username || !strlen (props_username))) { - write_config_option (info->secret_fd, "@%s : XAUTH \"%s\"\n",default_username, (char *) value); - } else { - write_config_option (info->secret_fd, "@%s : XAUTH \"%s\"\n", props_username, (char *) value); -- } -+ }*/ - } - - } else if (type == G_TYPE_BOOLEAN) { -@@ -426,8 +428,8 @@ nm_openswan_config_write (NMSettingVPN * +@@ -426,8 +429,8 @@ nm_openswan_config_write (NMSettingVPN * gint conf_fd=-1; gint secret_fd=-1; @@ -349,7 +296,7 @@ diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkMan fdtmp1 = conf_fd; if(fdtmp1 != -1) { -@@ -454,8 +456,10 @@ nm_openswan_config_write (NMSettingVPN * +@@ -454,8 +457,10 @@ nm_openswan_config_write (NMSettingVPN * write_config_option (fdtmp1, " ike=aes-sha1\n"); write_config_option (fdtmp1, " esp=aes-sha1;modp1024\n"); write_config_option (fdtmp1, " nm_configured=yes\n"); @@ -361,7 +308,7 @@ diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkMan } //default_username = nm_setting_vpn_get_user_name (s_vpn); -@@ -514,10 +518,10 @@ real_connect (NMVPNPlugin *plugin, +@@ -514,8 +519,8 @@ real_connect (NMVPNPlugin *plugin, if (!nm_openswan_secrets_validate (s_vpn, error)) goto out; 
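Review bot: With the inner XAUTH hunk removed from the patch, `write_one_property` presumably keeps the original code shown on the removed lines, which writes the password into the secrets file as `"@%s : XAUTH \"%s\"\n"` without escaping; the PSK line that stays as context here has the same form. A secret containing `"` or a newline would produce a malformed entry or an extra line in that file, so the value should be checked before `write_config_option` is called, for example by rejecting it when `strpbrk ((char *) value, "\"\n")` is non-NULL and setting `info->error`. The `else` branch of that code also formats `props_username` with `%s` although the preceding condition allows it to be NULL there, so it needs a guard. Since the password now lives in the secrets file rather than in argv, that file's mode and its removal after disconnect matter; neither is visible in this hunk. The function body starts and ends outside the hunk.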
@@ -370,12 +317,9 @@ diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkMan + if (!nm_openswan_config_write (s_vpn, error)) + goto out; -- openswan_fd = nm_openswan_start_openswan_binary (NM_OPENSWAN_PLUGIN (plugin), error); -+ openswan_fd = nm_openswan_start_openswan_binary (s_vpn, NM_OPENSWAN_PLUGIN (plugin), error); + openswan_fd = nm_openswan_start_openswan_binary (NM_OPENSWAN_PLUGIN (plugin), error); if (openswan_fd < 0) - goto out; - -@@ -622,6 +626,9 @@ real_disconnect (NMVPNPlugin *plugin, +@@ -622,6 +627,9 @@ real_disconnect (NMVPNPlugin *plugin, } g_ptr_array_free (openswan_argv, TRUE);