From 0f0b2d375901e302e8a619e3911321f511b52885 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Tue, 9 Jan 2024 23:30:42 +0100
Subject: [PATCH 1/5] service,properties: add support for leftmodecfgclient

Previously the plugin always set leftmodecfgclient=yes, which is used
for roaming clients to obtain a dynamic IP. In a server-to-server
scenario we don't want that option; allow omitting it by passing
leftmodecfgclient=no. It's somehow confusing that the new option has
the opposite default value than Libreswan, but that's the only way to
keep backwards compatibility for existing configurations.
---
 properties/nm-libreswan-dialog.ui       | 26 +++++++++++++++++++++++++
 properties/nm-libreswan-editor-plugin.c |  2 ++
 properties/nm-libreswan-editor.c        |  9 +++++++++
 shared/nm-service-defines.h             |  1 +
 shared/utils.c                          |  8 +++++++-
 src/nm-libreswan-service.c              |  1 +
 6 files changed, 46 insertions(+), 1 deletion(-)

diff --git a/properties/nm-libreswan-editor-plugin.c b/properties/nm-libreswan-editor-plugin.c
index b5c0d9e..89243cc 100644
--- a/properties/nm-libreswan-editor-plugin.c
+++ b/properties/nm-libreswan-editor-plugin.c
@@ -182,6 +182,8 @@ import_from_file (NMVpnEditorPlugin *self,
 			nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTUSERNAME, &str[13]);
 		else if (g_str_has_prefix (str, "leftcert="))
 			nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTCERT, &str[9]);
+		else if (nm_streq0 (str, "leftmodecfgclient=no"))
+			nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTMODECFGCLIENT, "no");
 		else if (g_str_has_prefix (str, "pfs=no"))
 			nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_PFS, "no");
 		else if (g_str_has_prefix (str, "cisco-unity=yes"))
diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h
index 3fdf2ef..14170ad 100644
--- a/shared/nm-service-defines.h
+++ b/shared/nm-service-defines.h
@@ -41,6 +41,7 @@
 #define NM_LIBRESWAN_KEY_LEFTID                     "leftid"
 #define NM_LIBRESWAN_KEY_LEFTRSASIGKEY              "leftrsasigkey"
 #define NM_LIBRESWAN_KEY_LEFTCERT                   "leftcert"
+#define NM_LIBRESWAN_KEY_LEFTMODECFGCLIENT          "leftmodecfgclient"
 #define NM_LIBRESWAN_KEY_AUTHBY                     "authby"
 #define NM_LIBRESWAN_KEY_PSK_VALUE                  "pskvalue"
 #define NM_LIBRESWAN_KEY_PSK_INPUT_MODES            "pskinputmodes"
diff --git a/shared/utils.c b/shared/utils.c
index cbc117c..0bac9e6 100644
--- a/shared/utils.c
+++ b/shared/utils.c
@@ -191,7 +191,13 @@ nm_libreswan_config_write (gint fd,
 	else
 		WRITE_CHECK (fd, debug_write_fcn, error, " left=%%defaultroute");
 
-	WRITE_CHECK (fd, debug_write_fcn, error, " leftmodecfgclient=yes");
+	item = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTMODECFGCLIENT);
+	if (nm_streq0 (item, "no")) {
+		WRITE_CHECK (fd, debug_write_fcn, error, " leftmodecfgclient=no");
+	} else {
+		WRITE_CHECK (fd, debug_write_fcn, error, " leftmodecfgclient=yes");
+	}
+
 	if (leftupdown_script)
 		WRITE_CHECK (fd, debug_write_fcn, error, " leftupdown=%s", leftupdown_script);
 
diff --git a/src/nm-libreswan-service.c b/src/nm-libreswan-service.c
index fc470a6..874f767 100644
--- a/src/nm-libreswan-service.c
+++ b/src/nm-libreswan-service.c
@@ -256,6 +256,7 @@ static ValidProperty valid_properties[] = {
 	{ NM_LIBRESWAN_KEY_LEFTUSERNAME,               G_TYPE_STRING, 0, 0 },
 	{ NM_LIBRESWAN_KEY_LEFTRSASIGKEY,              G_TYPE_STRING, 0, 0 },
 	{ NM_LIBRESWAN_KEY_LEFTCERT,                   G_TYPE_STRING, 0, 0 },
+	{ NM_LIBRESWAN_KEY_LEFTMODECFGCLIENT,          G_TYPE_STRING, 0, 0 },
 	{ NM_LIBRESWAN_KEY_AUTHBY,                     G_TYPE_STRING, 0, 0 },
 	{ NM_LIBRESWAN_KEY_DOMAIN,                     G_TYPE_STRING, 0, 0 },
 	{ NM_LIBRESWAN_KEY_DHGROUP,                    G_TYPE_STRING, 0, 0 },
-- 
2.43.0