diff -urNp NetworkManager-openswan-0.8-orig/properties/nm-openswan.c NetworkManager-openswan-0.8/properties/nm-openswan.c --- NetworkManager-openswan-0.8-orig/properties/nm-openswan.c 2010-06-04 17:50:13.000000000 -0400 +++ NetworkManager-openswan-0.8/properties/nm-openswan.c 2010-07-08 12:15:43.376302841 -0400 @@ -426,7 +426,7 @@ init_plugin_ui (OpenswanPluginUiWidget * } g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); - widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton"); + /*widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton"); g_return_val_if_fail (widget != NULL, FALSE); if (s_vpn) { value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT); @@ -442,7 +442,7 @@ init_plugin_ui (OpenswanPluginUiWidget * gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); } } - g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self); + g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self);*/ widget = glade_xml_get_widget (priv->xml, "show_passwords_checkbutton"); g_return_val_if_fail (widget != NULL, FALSE); @@ -530,20 +530,20 @@ update_connection (NMVpnPluginUiWidgetIn if (str && strlen (str)) nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DOMAIN, str); - widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton"); - if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) { - nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, "0"); - } else { + //widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton"); + //if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) { + // nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, "0"); + //} else { /* If DPD was disabled and now the user wishes to enable it, just * don't pass the DPD_IDLE_TIMEOUT option to openswan and thus use the * default DPD idle time. Otherwise keep the original DPD idle timeout. */ - if (priv->orig_dpd_timeout >= 10) { - char *tmp = g_strdup_printf ("%d", priv->orig_dpd_timeout); - nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, tmp); - g_free (tmp); - } - } + // if (priv->orig_dpd_timeout >= 10) { + // char *tmp = g_strdup_printf ("%d", priv->orig_dpd_timeout); + // nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, tmp); + // g_free (tmp); + // } + //} upw_type = handle_one_pw_type (s_vpn, priv->xml, "user_pass_type_combo", NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES); gpw_type = handle_one_pw_type (s_vpn, priv->xml, "group_pass_type_combo", NM_OPENSWAN_PSK_INPUT_MODES); diff -urNp NetworkManager-openswan-0.8-orig/properties/nm-openswan-dialog.glade NetworkManager-openswan-0.8/properties/nm-openswan-dialog.glade --- NetworkManager-openswan-0.8-orig/properties/nm-openswan-dialog.glade 2010-06-04 17:50:13.000000000 -0400 +++ NetworkManager-openswan-0.8/properties/nm-openswan-dialog.glade 2010-07-08 12:20:07.277052416 -0400 @@ -1,7 +1,7 @@ - - - + + + window1 @@ -23,6 +23,7 @@ False False + 0 @@ -37,18 +38,6 @@ 6 6 - - - - - - - - - - - - True @@ -74,10 +63,10 @@ + Show passwords True True - Show passwords - 0 + False True @@ -197,6 +186,18 @@ + + + + + + + + + + + + @@ -207,6 +208,7 @@ False + 0 @@ -223,6 +225,7 @@ False False + 0 @@ -237,47 +240,6 @@ 6 6 - - - - - True - True - Disable Dead Peer Detection - 0 - True - - - 1 - 2 - 4 - 5 - - - - - True - - - - 1 - 2 - 2 - 3 - - - - - True - 0 - Encryption method: - - - 2 - 3 - - - True 0 @@ -326,27 +288,22 @@ - - True - 0 - NAT traversal: - - - 3 - 4 - + - - True - - - - 1 - 2 - 3 - 4 - + + + + + + + + + + + + + diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkManager-openswan-0.8/src/nm-openswan-service.c --- NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c 2010-06-04 17:50:13.000000000 -0400 +++ NetworkManager-openswan-0.8/src/nm-openswan-service.c 2010-07-13 18:19:05.137333584 -0400 @@ -212,12 +212,32 @@ openswan_watch_cb_auto (GPid pid, gint s nm_warning ("openswan: ipsec auto died from an unknown cause"); /* Reap child if needed. */ - waitpid (priv->pid_auto, NULL, WNOHANG); - priv->pid_auto = 0; + //waitpid (priv->pid_auto, NULL, WNOHANG); + //priv->pid_auto = 0; + + waitpid (priv->pid, NULL, WNOHANG); + priv->pid = 0; + + /* Must be after data->state is set since signals use data->state */ + switch (error) { + case 2: + /* Couldn't log in due to bad user/pass */ + nm_vpn_plugin_failure (NM_VPN_PLUGIN (plugin), NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED); + break; + case 1: + /* Other error (couldn't bind to address, etc) */ + nm_vpn_plugin_failure (NM_VPN_PLUGIN (plugin), NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED); + break; + default: + break; + } + + nm_vpn_plugin_set_state (NM_VPN_PLUGIN (plugin), NM_VPN_SERVICE_STATE_STOPPED); } static gint +//nm_openswan_start_openswan_binary (NMSettingVPN *s_vpn, NMOPENSWANPlugin *plugin, GError **error) nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) { GPid pid, pid_auto; @@ -257,14 +277,27 @@ nm_openswan_start_openswan_binary (NMOPE } g_ptr_array_free (openswan_argv, TRUE); + nm_info ("openswan: ipsec started with pid %d", pid); + + NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid = pid; + openswan_watch = g_child_watch_source_new (pid); + g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL); + g_source_attach (openswan_watch, NULL); + g_source_unref (openswan_watch); + sleep(2); - /*ipsec auto --up */ openswan_argv = g_ptr_array_new (); g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary)); g_ptr_array_add (openswan_argv, (gpointer) "auto"); - g_ptr_array_add (openswan_argv, (gpointer) "--up"); + g_ptr_array_add (openswan_argv, (gpointer) "--add"); + g_ptr_array_add (openswan_argv, (gpointer) "--config"); + g_ptr_array_add (openswan_argv, (gpointer) "-"); + //g_ptr_array_add (openswan_argv, (gpointer) "--up"); + //g_ptr_array_add (openswan_argv, (gpointer) "--name"); g_ptr_array_add (openswan_argv, (gpointer) "nm-conn1"); + //g_ptr_array_add (openswan_argv, (gpointer) "--xauthpass"); + //g_ptr_array_add (openswan_argv, (gpointer) nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); g_ptr_array_add (openswan_argv, NULL); if (!g_spawn_async_with_pipes (NULL, (char **) openswan_argv->pdata, NULL, @@ -277,13 +310,64 @@ nm_openswan_start_openswan_binary (NMOPE } g_ptr_array_free (openswan_argv, TRUE); - nm_info ("openswan: ipsec auto started with pid %d", pid_auto); + nm_info ("openswan: ipsec auto started with pid %d", pid_auto); - NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto; - openswan_watch = g_child_watch_source_new (pid_auto); - g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL); - g_source_attach (openswan_watch, NULL); - g_source_unref (openswan_watch); + /*NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto; + openswan_watch = g_child_watch_source_new (pid_auto); + g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL); + g_source_attach (openswan_watch, NULL); + g_source_unref (openswan_watch);*/ + + return stdin_fd; +} + + + +static gint +nm_openswan_start_openswan_connection (NMOPENSWANPlugin *plugin, GError **error) +{ + GPid pid; + const char **openswan_binary = NULL; + GPtrArray *openswan_argv; + gint stdin_fd; + + /* Find openswan ipsec */ + openswan_binary = openswan_binary_paths; + while (*openswan_binary != NULL) { + if (g_file_test (*openswan_binary, G_FILE_TEST_EXISTS)) + break; + openswan_binary++; + } + + if (!*openswan_binary) { + g_set_error (error, + NM_VPN_PLUGIN_ERROR, + NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, + "%s", + "Could not find openswan binary."); + return -1; + } + + openswan_argv = g_ptr_array_new (); + g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary)); + g_ptr_array_add (openswan_argv, (gpointer) "auto"); + g_ptr_array_add (openswan_argv, (gpointer) "--up"); + g_ptr_array_add (openswan_argv, (gpointer) "nm-conn1"); + g_ptr_array_add (openswan_argv, NULL); + + if (!g_spawn_async_with_pipes (NULL, (char **) openswan_argv->pdata, NULL, + G_SPAWN_DO_NOT_REAP_CHILD, NULL, NULL, &pid, &stdin_fd, + NULL, NULL, error)) { + + g_ptr_array_free (openswan_argv, TRUE); + nm_warning ("openswan: ipsec auto connection failed to start. error: '%s'", (*error)->message); + return -1; + } + g_ptr_array_free (openswan_argv, TRUE); + + sleep(3); + + nm_info ("openswan: ipsec auto connection started with pid %d", pid); return stdin_fd; } @@ -318,8 +402,8 @@ write_one_property (const char *key, con WriteConfigInfo *info = (WriteConfigInfo *) user_data; GType type = G_TYPE_INVALID; int i; - const char *default_username; - const char *props_username; + //const char *default_username; + //const char *props_username; const char *leftid; if (info->error) @@ -365,11 +449,11 @@ write_one_property (const char *key, con //write_config_option (info->fd, "%s %s\n", (char *) key, (char *) value); if (!strcmp (key, NM_OPENSWAN_PSK_VALUE)) { - leftid=nm_setting_vpn_get_data_item (info->s_vpn, NM_OPENSWAN_LEFTID); + leftid=nm_setting_vpn_get_data_item (info->s_vpn, NM_OPENSWAN_LEFTID); write_config_option (info->secret_fd, "@%s: PSK \"%s\"\n", leftid, (char *) value); } - if (!strcmp (key, NM_OPENSWAN_XAUTH_PASSWORD)) { + /*if (!strcmp (key, NM_OPENSWAN_XAUTH_PASSWORD)) { default_username = nm_setting_vpn_get_user_name (info->s_vpn); props_username = nm_setting_vpn_get_data_item (info->s_vpn, NM_OPENSWAN_LEFTXAUTHUSER); if ( default_username && strlen (default_username) @@ -378,7 +462,7 @@ write_one_property (const char *key, con } else { write_config_option (info->secret_fd, "@%s : XAUTH \"%s\"\n", props_username, (char *) value); } - } + }*/ } else if (type == G_TYPE_BOOLEAN) { if (!strcmp (value, "yes")) { @@ -414,22 +498,22 @@ write_one_property (const char *key, con } static gboolean -nm_openswan_config_write (NMSettingVPN *s_vpn, +nm_openswan_config_write (gint openswan_fd, NMSettingVPN *s_vpn, GError **error) { WriteConfigInfo *info; const char *props_username; //const char *props_natt_mode; const char *default_username; - const char *pw_type; + //const char *pw_type; gint fdtmp1=-1; - gint conf_fd=-1; - gint secret_fd=-1; + //gint conf_fd=-1; + //gint secret_fd=-1; - conf_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.conf", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); - secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); + //conf_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.conf", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); + //secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); - fdtmp1 = conf_fd; + fdtmp1 = openswan_fd; if(fdtmp1 != -1) { write_config_option (fdtmp1, "conn nm-conn1\n"); write_config_option (fdtmp1, " aggrmode=yes\n"); @@ -454,8 +538,10 @@ nm_openswan_config_write (NMSettingVPN * write_config_option (fdtmp1, " ike=aes-sha1\n"); write_config_option (fdtmp1, " esp=aes-sha1;modp1024\n"); write_config_option (fdtmp1, " nm_configured=yes\n"); - //write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH); + //write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH); write_config_option (fdtmp1, " auto=add\n"); + //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_VPN_SETTING_NAME)); + //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_NAME)); } //default_username = nm_setting_vpn_get_user_name (s_vpn); @@ -472,7 +558,49 @@ nm_openswan_config_write (NMSettingVPN * info = g_malloc0 (sizeof (WriteConfigInfo)); //info->fd = openswan_fd; - info->conf_fd = conf_fd; + //info->conf_fd = conf_fd; + info->conf_fd = openswan_fd; + //info->secret_fd = secret_fd; + info->s_vpn = s_vpn; + + /* Check for ignored user password */ + /*pw_type = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES); + if (pw_type && !strcmp (pw_type, NM_OPENSWAN_PW_TYPE_UNUSED)) + info->upw_ignored = TRUE;*/ + + /* Check for ignored group password */ + /*pw_type = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_PSK_INPUT_MODES); + if (pw_type && !strcmp (pw_type, NM_OPENSWAN_PW_TYPE_UNUSED)) + info->gpw_ignored = TRUE;*/ + + nm_setting_vpn_foreach_data_item (s_vpn, write_one_property, info); + //nm_setting_vpn_foreach_secret (s_vpn, write_one_property, info); + *error = info->error; + //close(conf_fd); + close(openswan_fd); + sleep(3); + //close(secret_fd); + g_free (info); + + return *error ? FALSE : TRUE; +} + + +static gboolean +nm_openswan_config_secret_write (NMSettingVPN *s_vpn, + GError **error) +{ + WriteConfigInfo *info; + //const char *props_username; + //const char *default_username; + const char *pw_type; + //gint fdtmp1=-1; + //gint conf_fd=-1; + gint secret_fd=-1; + + secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); + + info = g_malloc0 (sizeof (WriteConfigInfo)); info->secret_fd = secret_fd; info->s_vpn = s_vpn; @@ -486,16 +614,15 @@ nm_openswan_config_write (NMSettingVPN * if (pw_type && !strcmp (pw_type, NM_OPENSWAN_PW_TYPE_UNUSED)) info->gpw_ignored = TRUE; - nm_setting_vpn_foreach_data_item (s_vpn, write_one_property, info); nm_setting_vpn_foreach_secret (s_vpn, write_one_property, info); *error = info->error; - close(conf_fd); close(secret_fd); g_free (info); return *error ? FALSE : TRUE; } + static gboolean real_connect (NMVPNPlugin *plugin, NMConnection *connection, @@ -514,13 +641,31 @@ real_connect (NMVPNPlugin *plugin, if (!nm_openswan_secrets_validate (s_vpn, error)) goto out; - if (!nm_openswan_config_write (s_vpn, error)) - goto out; + if (!nm_openswan_config_secret_write (s_vpn, error)) + goto out; openswan_fd = nm_openswan_start_openswan_binary (NM_OPENSWAN_PLUGIN (plugin), error); if (openswan_fd < 0) goto out; + if (!nm_openswan_config_write (openswan_fd, s_vpn, error)) { + goto out; + } + else { + /*no error*/ + openswan_fd=-1; + } + + unlink("/etc/ipsec.d/ipsec-nm-conn1.secrets"); + + openswan_fd = nm_openswan_start_openswan_connection (NM_OPENSWAN_PLUGIN (plugin), error); + if (openswan_fd < 0) + goto out; + + write_config_option (openswan_fd, "%s", nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); + close(openswan_fd); + openswan_fd=-1; + success = TRUE; out: @@ -622,6 +767,9 @@ real_disconnect (NMVPNPlugin *plugin, } g_ptr_array_free (openswan_argv, TRUE); + //unlink("/etc/ipsec.d/ipsec-nm-conn1.conf"); + //unlink("/etc/ipsec.d/ipsec-nm-conn1.secrets"); + return TRUE; } diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service-helper.c NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c --- NetworkManager-openswan-0.8-orig/src/nm-openswan-service-helper.c 2010-06-04 17:50:13.000000000 -0400 +++ NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c 2010-07-06 15:10:51.737035482 -0400 @@ -195,7 +195,7 @@ addr_list_to_gvalue (const char *str) * PLUTO_MY_SOURCEIP -- address * PLUTO_CISCO_DNS_INFO -- list of dns serverss * PLUTO_CISCO_DOMAIN_INFO -- default domain name - * PLUTO_SERVERBANNER -- banner from server + * PLUTO_PEER_BANNER -- banner from server * */ int @@ -288,7 +288,7 @@ main (int argc, char *argv[]) g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DOMAIN, val); /* Banner */ - val = str_to_gvalue (getenv ("PLUTO_SERVERBANNER"), TRUE); + val = str_to_gvalue (getenv ("PLUTO_PEER_BANNER"), TRUE); if (val) g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_BANNER, val);