diff -up NetworkManager-openswan-0.8/properties/nm-openswan.c.nm09 NetworkManager-openswan-0.8/properties/nm-openswan.c --- NetworkManager-openswan-0.8/properties/nm-openswan.c.nm09 2011-03-27 17:51:22.426710054 -0700 +++ NetworkManager-openswan-0.8/properties/nm-openswan.c 2011-03-27 17:58:58.457008890 -0700 @@ -170,43 +170,41 @@ fill_vpn_passwords (OpenswanPluginUiWidg char *password = NULL; char *group_password = NULL; - /* Grab secrets from the keyring */ + /* Grab secrets from the connection or the keyring */ if (connection) { NMSettingConnection *s_con; NMSettingVPN *s_vpn; + NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE; const char *tmp; + s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); + s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN); + if (s_vpn) { + tmp = nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD); + if (tmp) + password = gnome_keyring_memory_strdup (tmp); + + tmp = nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_PSK_VALUE); + if (tmp) + group_password = gnome_keyring_memory_strdup (tmp); + } - if (nm_connection_get_scope (connection) == NM_CONNECTION_SCOPE_SYSTEM) { - if (s_vpn) { - tmp = nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD); - if (tmp) - password = gnome_keyring_memory_strdup (tmp); - - tmp = nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_PSK_VALUE); - if (tmp) - group_password = gnome_keyring_memory_strdup (tmp); - } - } else { - s_con = NM_SETTING_CONNECTION (nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION)); - - /* Lookup passwords in the keyring, and if they weren't there, try - * the connection itself, which is where they'd be right after import. - */ + nm_setting_get_secret_flags (NM_SETTING (s_vpn), OPENSWAN_USER_PASSWORD, &secret_flags, NULL); + if (!password && (secret_flags & NM_SETTING_SECRET_FLAG_AGENT_OWNED)) { keyring_helpers_get_one_secret (nm_setting_connection_get_uuid (s_con), - OPENSWAN_USER_PASSWORD, - &password, - NULL); - if (!password) - password = gnome_keyring_memory_strdup (nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); + OPENSWAN_USER_PASSWORD, + &password, + NULL); + } + secret_flags = NM_SETTING_SECRET_FLAG_NONE; + nm_setting_get_secret_flags (NM_SETTING (s_vpn), OPENSWAN_GROUP_PASSWORD, &secret_flags, NULL); + if (!group_password && (secret_flags & NM_SETTING_SECRET_FLAG_AGENT_OWNED)) { keyring_helpers_get_one_secret (nm_setting_connection_get_uuid (s_con), OPENSWAN_GROUP_PASSWORD, &group_password, NULL); - if (!group_password) - group_password = gnome_keyring_memory_strdup (nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_PSK_VALUE)); } } @@ -300,6 +298,20 @@ pw_type_combo_changed_cb (GtkWidget *com stuff_changed_cb (combo, self); } +static const char * +secret_flags_to_pw_type (NMSettingVPN *s_vpn, const char *key) +{ + NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE; + + if (nm_setting_get_secret_flags (NM_SETTING (s_vpn), key, &flags, NULL)) { + if (flags & NM_SETTING_SECRET_FLAG_NOT_REQUIRED) + return NM_OPENSWAN_PW_TYPE_UNUSED; + if (flags & NM_SETTING_SECRET_FLAG_NOT_SAVED) + return NM_OPENSWAN_PW_TYPE_ASK; + } + return NM_OPENSWAN_PW_TYPE_SAVE; +} + static void init_one_pw_combo (OpenswanPluginUiWidget *self, NMSettingVPN *s_vpn, @@ -330,6 +342,8 @@ init_one_pw_combo (OpenswanPluginUiWidge store = gtk_list_store_new (1, G_TYPE_STRING); if (s_vpn) value = nm_setting_vpn_get_data_item (s_vpn, key); + if (!value) + value = secret_flags_to_pw_type (s_vpn, key); gtk_list_store_append (store, &iter); gtk_list_store_set (store, &iter, 0, _("Saved"), -1); @@ -485,26 +499,35 @@ get_widget (NMVpnPluginUiWidgetInterface static guint32 handle_one_pw_type (NMSettingVPN *s_vpn, GladeXML *xml, const char *name, const char *key) { + NMSettingSecretFlags flags = NM_SETTING_SECRET_FLAG_NONE; GtkWidget *widget; guint32 pw_type; + const char *data_val = NULL; widget = glade_xml_get_widget (xml, name); + nm_setting_get_secret_flags (NM_SETTING (s_vpn), key, &flags, NULL); + flags &= ~(NM_SETTING_SECRET_FLAG_NOT_SAVED | NM_SETTING_SECRET_FLAG_NOT_REQUIRED); + pw_type = gtk_combo_box_get_active (GTK_COMBO_BOX (widget)); switch (pw_type) { case PW_TYPE_SAVE: - nm_setting_vpn_add_data_item (s_vpn, key, NM_OPENSWAN_PW_TYPE_SAVE); + data_val = NM_OPENSWAN_PW_TYPE_SAVE; break; case PW_TYPE_UNUSED: - nm_setting_vpn_add_data_item (s_vpn, key, NM_OPENSWAN_PW_TYPE_UNUSED); + data_val = NM_OPENSWAN_PW_TYPE_UNUSED; + flags |= NM_SETTING_SECRET_FLAG_NOT_REQUIRED; break; case PW_TYPE_ASK: default: pw_type = PW_TYPE_ASK; - nm_setting_vpn_add_data_item (s_vpn, key, NM_OPENSWAN_PW_TYPE_ASK); + data_val = NM_OPENSWAN_PW_TYPE_ASK; + flags |= NM_SETTING_SECRET_FLAG_NOT_SAVED; break; } + nm_setting_vpn_add_data_item (s_vpn, key, data_val); + nm_setting_set_secret_flags (NM_SETTING (s_vpn), key, flags, NULL); return pw_type; } @@ -580,22 +603,17 @@ update_connection (NMVpnPluginUiWidgetIn upw_type = handle_one_pw_type (s_vpn, priv->xml, "user_pass_type_combo", NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES); gpw_type = handle_one_pw_type (s_vpn, priv->xml, "group_pass_type_combo", NM_OPENSWAN_PSK_INPUT_MODES); - /* System secrets get stored in the connection, user secrets are saved - * via the save_secrets() hook. - */ - if (nm_connection_get_scope (connection) == NM_CONNECTION_SCOPE_SYSTEM) { - /* User password */ - widget = glade_xml_get_widget (priv->xml, "user_password_entry"); - str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); - if (str && strlen (str) && (upw_type != PW_TYPE_UNUSED)) - nm_setting_vpn_add_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD, str); - - /* Group password */ - widget = glade_xml_get_widget (priv->xml, "group_password_entry"); - str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); - if (str && strlen (str) && (gpw_type != PW_TYPE_UNUSED)) - nm_setting_vpn_add_secret (s_vpn, NM_OPENSWAN_PSK_VALUE, str); - } + /* User password */ + widget = glade_xml_get_widget (priv->xml, "user_password_entry"); + str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); + if (str && strlen (str) && (upw_type != PW_TYPE_UNUSED)) + nm_setting_vpn_add_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD, str); + + /* Group password */ + widget = glade_xml_get_widget (priv->xml, "group_password_entry"); + str = (char *) gtk_entry_get_text (GTK_ENTRY (widget)); + if (str && strlen (str) && (gpw_type != PW_TYPE_UNUSED)) + nm_setting_vpn_add_secret (s_vpn, NM_OPENSWAN_PSK_VALUE, str); nm_connection_add_setting (connection, NM_SETTING (s_vpn)); return TRUE; @@ -642,24 +660,36 @@ save_secrets (NMVpnPluginUiWidgetInterfa OpenswanPluginUiWidget *self = OPENSWAN_PLUGIN_UI_WIDGET (iface); OpenswanPluginUiWidgetPrivate *priv = OPENSWAN_PLUGIN_UI_WIDGET_GET_PRIVATE (self); NMSettingConnection *s_con; + NMSettingVPN *s_vpn; const char *id, *uuid; + NMSettingSecretFlags secret_flags = NM_SETTING_SECRET_FLAG_NONE; s_con = (NMSettingConnection *) nm_connection_get_setting (connection, NM_TYPE_SETTING_CONNECTION); - if (!s_con) { + s_vpn = (NMSettingVPN *) nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN); + if (!s_con || !s_vpn) { g_set_error (error, OPENSWAN_PLUGIN_UI_ERROR, OPENSWAN_PLUGIN_UI_ERROR_INVALID_CONNECTION, - "missing 'connection' setting"); + "missing connection or VPN settings"); return FALSE; } id = nm_setting_connection_get_id (s_con); uuid = nm_setting_connection_get_uuid (s_con); - save_one_password (priv->xml, OPENSWAN_USER_PASSWORD, uuid, id, - "user_password_entry", "user_pass_type_combo", "user password"); - save_one_password (priv->xml, OPENSWAN_GROUP_PASSWORD, uuid, id, - "group_password_entry", "group_pass_type_combo", "group password"); + if (nm_setting_get_secret_flags (NM_SETTING (s_vpn), NM_OPENSWAN_XAUTH_PASSWORD, &secret_flags, NULL)) { + if (secret_flags & NM_SETTING_SECRET_FLAG_AGENT_OWNED) { + save_one_password (priv->xml, OPENSWAN_USER_PASSWORD, uuid, id, + "user_password_entry", "user_pass_type_combo", "user password"); + } + } + + if (nm_setting_get_secret_flags (NM_SETTING (s_vpn), NM_OPENSWAN_PSK_VALUE, &secret_flags, NULL)) { + if (secret_flags & NM_SETTING_SECRET_FLAG_AGENT_OWNED) { + save_one_password (priv->xml, OPENSWAN_GROUP_PASSWORD, uuid, id, + "group_password_entry", "group_pass_type_combo", "group password"); + } + } return TRUE; } diff -up NetworkManager-openswan-0.8/src/nm-openswan-service.c.nm09 NetworkManager-openswan-0.8/src/nm-openswan-service.c --- NetworkManager-openswan-0.8/src/nm-openswan-service.c.nm09 2011-03-27 17:50:42.579208216 -0700 +++ NetworkManager-openswan-0.8/src/nm-openswan-service.c 2011-03-27 17:59:44.777429804 -0700 @@ -204,14 +204,14 @@ openswan_watch_cb_auto (GPid pid, gint s if (WIFEXITED (status)) { error = WEXITSTATUS (status); if (error != 0) - nm_warning ("openswan: ipsec auto exited with error code %d", error); + g_warning ("openswan: ipsec auto exited with error code %d", error); } else if (WIFSTOPPED (status)) - nm_warning ("openswan: ipsec auto stopped unexpectedly with signal %d", WSTOPSIG (status)); + g_warning ("openswan: ipsec auto stopped unexpectedly with signal %d", WSTOPSIG (status)); else if (WIFSIGNALED (status)) - nm_warning ("openswan: ipsec auto died with signal %d", WTERMSIG (status)); + g_warning ("openswan: ipsec auto died with signal %d", WTERMSIG (status)); else - nm_warning ("openswan: ipsec auto died from an unknown cause"); + g_warning ("openswan: ipsec auto died from an unknown cause"); /* Reap child if needed. */ //waitpid (priv->pid_auto, NULL, WNOHANG); @@ -274,12 +274,12 @@ nm_openswan_start_openswan_binary (NMOPE if (!g_spawn_async (NULL, (char **) openswan_argv->pdata, NULL, 0, NULL, NULL, &pid, error)) { g_ptr_array_free (openswan_argv, TRUE); - nm_warning ("openswan ipsec failed to start. error: '%s'", (*error)->message); + g_warning ("openswan ipsec failed to start. error: '%s'", (*error)->message); return -1; } g_ptr_array_free (openswan_argv, TRUE); - nm_info ("openswan: ipsec started with pid %d", pid); + g_message ("openswan: ipsec started with pid %d", pid); NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid = pid; openswan_watch = g_child_watch_source_new (pid); @@ -307,12 +307,12 @@ nm_openswan_start_openswan_binary (NMOPE NULL, NULL, error)) { g_ptr_array_free (openswan_argv, TRUE); - nm_warning ("openswan: ipsec auto failed to start. error: '%s'", (*error)->message); + g_warning ("openswan: ipsec auto failed to start. error: '%s'", (*error)->message); return -1; } g_ptr_array_free (openswan_argv, TRUE); - nm_info ("openswan: ipsec auto started with pid %d", pid_auto); + g_message ("openswan: ipsec auto started with pid %d", pid_auto); /*NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto; openswan_watch = g_child_watch_source_new (pid_auto); @@ -362,14 +362,14 @@ nm_openswan_start_openswan_connection (N NULL, NULL, error)) { g_ptr_array_free (openswan_argv, TRUE); - nm_warning ("openswan: ipsec auto connection failed to start. error: '%s'", (*error)->message); + g_warning ("openswan: ipsec auto connection failed to start. error: '%s'", (*error)->message); return -1; } g_ptr_array_free (openswan_argv, TRUE); sleep(3); - nm_info ("openswan: ipsec auto connection started with pid %d", pid); + g_message ("openswan: ipsec auto connection started with pid %d", pid); return stdin_fd; } @@ -384,7 +384,7 @@ write_config_option (int fd, const char string = g_strdup_vprintf (format, args); if ( write (fd, string, strlen (string)) == -1) { - nm_warning ("nm-openswan: error in write_config_option"); + g_warning ("nm-openswan: error in write_config_option"); } g_free (string); @@ -497,7 +497,7 @@ write_one_property (const char *key, con /* ignored */ } else { /* Just ignore unknown properties */ - nm_warning ("Don't know how to write property '%s' with type %s", + g_warning ("Don't know how to write property '%s' with type %s", (char *) key, g_type_name (type)); } } @@ -784,7 +784,7 @@ real_disconnect (NMVPNPlugin *plugin, if (!g_spawn_async (NULL, (char **) openswan_argv->pdata, NULL, 0, NULL, NULL, NULL, error)) { g_ptr_array_free (openswan_argv, TRUE); - nm_warning ("Openswan (pluto) failed to stop. error: '%s'", (*error)->message); + g_warning ("Openswan (pluto) failed to stop. error: '%s'", (*error)->message); return -1; } g_ptr_array_free (openswan_argv, TRUE); diff -up NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c.nm09 NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c --- NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c.nm09 2011-03-27 17:50:51.747093599 -0700 +++ NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c 2011-03-27 17:59:44.779429780 -0700 @@ -48,7 +48,7 @@ helper_failed (DBusGConnection *connecti DBusGProxy *proxy; GError *err = NULL; - nm_warning ("nm-openswan-service-helper did not receive a valid %s from openswan", reason); + g_warning ("nm-openswan-service-helper did not receive a valid %s from openswan", reason); proxy = dbus_g_proxy_new_for_name (connection, NM_DBUS_SERVICE_OPENSWAN, @@ -61,7 +61,7 @@ helper_failed (DBusGConnection *connecti G_TYPE_INVALID); if (err) { - nm_warning ("Could not send failure information: %s", err->message); + g_warning ("Could not send failure information: %s", err->message); g_error_free (err); } @@ -88,7 +88,7 @@ send_ip4_config (DBusGConnection *connec G_TYPE_INVALID); if (err) { - nm_warning ("Could not send IPv4 configuration: %s", err->message); + g_warning ("Could not send IPv4 configuration: %s", err->message); g_error_free (err); } @@ -221,7 +221,7 @@ main (int argc, char *argv[]) connection = dbus_g_bus_get (DBUS_BUS_SYSTEM, &err); if (!connection) { - nm_warning ("Could not get the system bus: %s", err->message); + g_warning ("Could not get the system bus: %s", err->message); exit (1); } @@ -299,7 +299,7 @@ main (int argc, char *argv[]) errno = 0; mtu = strtol (tmp, NULL, 10); if (errno || mtu < 0 || mtu > 20000) { - nm_warning ("Ignoring invalid tunnel MTU '%s'", tmp); + g_warning ("Ignoring invalid tunnel MTU '%s'", tmp); mtu = 1412; } }