rpms/NetworkManager-libreswan
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Modified the patch so that it does not pass user password to "ipsec

Browse Source 
whack" command.
This commit is contained in:
avesh agarwal 2010-07-08 20:14:15 +00:00
parent 93da43e311
commit f98504abad
2 changed files with 23 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
NetworkManager-openswan.spec
View File

@ -6,7 +6,7 @@
Summary: NetworkManager VPN plug-in for openswan Summary: NetworkManager VPN plug-in for openswan
Name: NetworkManager-openswan Name: NetworkManager-openswan
Version: 0.8.0 Version: 0.8.0
Release: 2%{snapshot}%{?dist} Release: 3%{snapshot}%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
URL: http://people.redhat.com/avagarwa/files/NetworkManager-openswan/ URL: http://people.redhat.com/avagarwa/files/NetworkManager-openswan/
@ -76,6 +76,10 @@ rm -rf $RPM_BUILD_ROOT
%dir %{_datadir}/gnome-vpn-properties/openswan %dir %{_datadir}/gnome-vpn-properties/openswan
%changelog %changelog
* Thu Jul 8 2010 Avesh Agarwal <avagarwa@redhat.com> - 0.8.0-3.20100411git
- Modified the patch so that it does not pass user password to
"ipsec whack" command.
* Thu Jul 8 2010 Avesh Agarwal <avagarwa@redhat.com> - 0.8.0-2.20100411git * Thu Jul 8 2010 Avesh Agarwal <avagarwa@redhat.com> - 0.8.0-2.20100411git
- Modified to initiate VPN connections with openswan whack interface - Modified to initiate VPN connections with openswan whack interface
- Fixed the issue of world readable conf and secret files - Fixed the issue of world readable conf and secret files

92
nm-secret-whack.patch
View File

@ -231,65 +231,37 @@ diff -urNp NetworkManager-openswan-0.8-orig/properties/nm-openswan-dialog.glade
</child> </child>
diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkManager-openswan-0.8/src/nm-openswan-service.c diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkManager-openswan-0.8/src/nm-openswan-service.c
--- NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c 2010-06-04 17:50:13.000000000 -0400 --- NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c 2010-06-04 17:50:13.000000000 -0400
+++ NetworkManager-openswan-0.8/src/nm-openswan-service.c 2010-07-08 11:39:24.904302790 -0400 +++ NetworkManager-openswan-0.8/src/nm-openswan-service.c 2010-07-08 16:05:26.372305285 -0400
@@ -202,14 +202,14 @@ openswan_watch_cb_auto (GPid pid, gint s @@ -218,6 +218,7 @@ openswan_watch_cb_auto (GPid pid, gint s
if (WIFEXITED (status)) {
error = WEXITSTATUS (status);
if (error != 0)
- nm_warning ("openswan: ipsec auto exited with error code %d", error);
+ nm_warning ("openswan: ipsec whack exited with error code %d", error);
}
else if (WIFSTOPPED (status))
- nm_warning ("openswan: ipsec auto stopped unexpectedly with signal %d", WSTOPSIG (status));
+ nm_warning ("openswan: ipsec whack stopped unexpectedly with signal %d", WSTOPSIG (status));
else if (WIFSIGNALED (status))
- nm_warning ("openswan: ipsec auto died with signal %d", WTERMSIG (status));
+ nm_warning ("openswan: ipsec whack died with signal %d", WTERMSIG (status));
else
- nm_warning ("openswan: ipsec auto died from an unknown cause");
+ nm_warning ("openswan: ipsec whack died from an unknown cause");
/* Reap child if needed. */
waitpid (priv->pid_auto, NULL, WNOHANG);
@@ -218,7 +218,7 @@ openswan_watch_cb_auto (GPid pid, gint s
static gint static gint
-nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) +//nm_openswan_start_openswan_binary (NMSettingVPN *s_vpn, NMOPENSWANPlugin *plugin, GError **error)
+nm_openswan_start_openswan_binary (NMSettingVPN *s_vpn, NMOPENSWANPlugin *plugin, GError **error) nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error)
{ {
GPid pid, pid_auto; GPid pid, pid_auto;
const char **openswan_binary = NULL; @@ -259,12 +260,14 @@ nm_openswan_start_openswan_binary (NMOPE
@@ -259,12 +259,14 @@ nm_openswan_start_openswan_binary (NMOPE
sleep(2); sleep(2);
- /*ipsec auto --up <conn-name>*/ - /*ipsec auto --up <conn-name>*/
openswan_argv = g_ptr_array_new (); openswan_argv = g_ptr_array_new ();
g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary)); g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary));
- g_ptr_array_add (openswan_argv, (gpointer) "auto"); g_ptr_array_add (openswan_argv, (gpointer) "auto");
- g_ptr_array_add (openswan_argv, (gpointer) "--up"); g_ptr_array_add (openswan_argv, (gpointer) "--up");
+ g_ptr_array_add (openswan_argv, (gpointer) "whack"); + //g_ptr_array_add (openswan_argv, (gpointer) "--name");
+ g_ptr_array_add (openswan_argv, (gpointer) "--initiate");
+ g_ptr_array_add (openswan_argv, (gpointer) "--name");
g_ptr_array_add (openswan_argv, (gpointer) "nm-conn1"); g_ptr_array_add (openswan_argv, (gpointer) "nm-conn1");
+ g_ptr_array_add (openswan_argv, (gpointer) "--xauthpass"); + //g_ptr_array_add (openswan_argv, (gpointer) "--xauthpass");
+ g_ptr_array_add (openswan_argv, (gpointer) nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); + //g_ptr_array_add (openswan_argv, (gpointer) nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD));
g_ptr_array_add (openswan_argv, NULL); g_ptr_array_add (openswan_argv, NULL);
if (!g_spawn_async_with_pipes (NULL, (char **) openswan_argv->pdata, NULL, if (!g_spawn_async_with_pipes (NULL, (char **) openswan_argv->pdata, NULL,
@@ -272,18 +274,18 @@ nm_openswan_start_openswan_binary (NMOPE @@ -277,13 +280,13 @@ nm_openswan_start_openswan_binary (NMOPE
NULL, NULL, error)) {
g_ptr_array_free (openswan_argv, TRUE);
- nm_warning ("openswan: ipsec auto failed to start. error: '%s'", (*error)->message);
+ nm_warning ("openswan: ipsec whack failed to start. error: '%s'", (*error)->message);
return -1;
} }
g_ptr_array_free (openswan_argv, TRUE); g_ptr_array_free (openswan_argv, TRUE);
- nm_info ("openswan: ipsec auto started with pid %d", pid_auto); - nm_info ("openswan: ipsec auto started with pid %d", pid_auto);
+ nm_info ("openswan: ipsec whack started with pid %d", pid_auto); + nm_info ("openswan: ipsec auto started with pid %d", pid_auto);
- NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto; - NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto;
- openswan_watch = g_child_watch_source_new (pid_auto); - openswan_watch = g_child_watch_source_new (pid_auto);
@ -304,18 +276,7 @@ diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkMan
return stdin_fd; return stdin_fd;
} }
@@ -318,8 +320,8 @@ write_one_property (const char *key, con @@ -365,7 +368,7 @@ write_one_property (const char *key, con
WriteConfigInfo *info = (WriteConfigInfo *) user_data;
GType type = G_TYPE_INVALID;
int i;
- const char *default_username;
- const char *props_username;
+ //const char *default_username;
+ //const char *props_username;
const char *leftid;
if (info->error)
@@ -365,19 +367,19 @@ write_one_property (const char *key, con
//write_config_option (info->fd, "%s %s\n", (char *) key, (char *) value); //write_config_option (info->fd, "%s %s\n", (char *) key, (char *) value);
if (!strcmp (key, NM_OPENSWAN_PSK_VALUE)) { if (!strcmp (key, NM_OPENSWAN_PSK_VALUE)) {
@ -324,21 +285,7 @@ diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkMan
write_config_option (info->secret_fd, "@%s: PSK \"%s\"\n", leftid, (char *) value); write_config_option (info->secret_fd, "@%s: PSK \"%s\"\n", leftid, (char *) value);
} }
if (!strcmp (key, NM_OPENSWAN_XAUTH_PASSWORD)) { @@ -426,8 +429,8 @@ nm_openswan_config_write (NMSettingVPN *
- default_username = nm_setting_vpn_get_user_name (info->s_vpn);
+ /*default_username = nm_setting_vpn_get_user_name (info->s_vpn);
props_username = nm_setting_vpn_get_data_item (info->s_vpn, NM_OPENSWAN_LEFTXAUTHUSER);
if ( default_username && strlen (default_username)
&& (!props_username || !strlen (props_username))) {
write_config_option (info->secret_fd, "@%s : XAUTH \"%s\"\n",default_username, (char *) value);
} else {
write_config_option (info->secret_fd, "@%s : XAUTH \"%s\"\n", props_username, (char *) value);
- }
+ }*/
}
} else if (type == G_TYPE_BOOLEAN) {
@@ -426,8 +428,8 @@ nm_openswan_config_write (NMSettingVPN *
gint conf_fd=-1; gint conf_fd=-1;
gint secret_fd=-1; gint secret_fd=-1;
@ -349,7 +296,7 @@ diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkMan
fdtmp1 = conf_fd; fdtmp1 = conf_fd;
if(fdtmp1 != -1) { if(fdtmp1 != -1) {
@@ -454,8 +456,10 @@ nm_openswan_config_write (NMSettingVPN * @@ -454,8 +457,10 @@ nm_openswan_config_write (NMSettingVPN *
write_config_option (fdtmp1, " ike=aes-sha1\n"); write_config_option (fdtmp1, " ike=aes-sha1\n");
write_config_option (fdtmp1, " esp=aes-sha1;modp1024\n"); write_config_option (fdtmp1, " esp=aes-sha1;modp1024\n");
write_config_option (fdtmp1, " nm_configured=yes\n"); write_config_option (fdtmp1, " nm_configured=yes\n");
@ -361,7 +308,7 @@ diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkMan
} }
//default_username = nm_setting_vpn_get_user_name (s_vpn); //default_username = nm_setting_vpn_get_user_name (s_vpn);
@@ -514,10 +518,10 @@ real_connect (NMVPNPlugin *plugin, @@ -514,8 +519,8 @@ real_connect (NMVPNPlugin *plugin,
if (!nm_openswan_secrets_validate (s_vpn, error)) if (!nm_openswan_secrets_validate (s_vpn, error))
goto out; goto out;
@ -370,12 +317,9 @@ diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkMan
+ if (!nm_openswan_config_write (s_vpn, error)) + if (!nm_openswan_config_write (s_vpn, error))
+ goto out; + goto out;
- openswan_fd = nm_openswan_start_openswan_binary (NM_OPENSWAN_PLUGIN (plugin), error); openswan_fd = nm_openswan_start_openswan_binary (NM_OPENSWAN_PLUGIN (plugin), error);
+ openswan_fd = nm_openswan_start_openswan_binary (s_vpn, NM_OPENSWAN_PLUGIN (plugin), error);
if (openswan_fd < 0) if (openswan_fd < 0)
goto out; @@ -622,6 +627,9 @@ real_disconnect (NMVPNPlugin *plugin,
@@ -622,6 +626,9 @@ real_disconnect (NMVPNPlugin *plugin,
} }
g_ptr_array_free (openswan_argv, TRUE); g_ptr_array_free (openswan_argv, TRUE);