rpms/NetworkManager-openswan/devel nm-secret-whack.patch, NONE, 1.1 NetworkManager-openswan.spec, 1.1, 1.2

avesh agarwal avesh at fedoraproject.org
Thu Jul 8 16:41:03 UTC 2010


Author: avesh

Update of /cvs/pkgs/rpms/NetworkManager-openswan/devel
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv31558

Modified Files:
	NetworkManager-openswan.spec 
Added Files:
	nm-secret-whack.patch 
Log Message:
* Thu Jul 8 2010 Avesh Agarwal <avagarwa at redhat.com> - 0.8.0-2.20100411git
- Modified to initiate VPN connections with openswan whack interface
- Fixed the issue of world readable conf and secret files 
- Cleaned conf and secret files after VPN connection is stopped
- Fixed the issue of storing sensitive information like user 
  password in a file (rhbz# 607352)
- Changed PLUTO_SERVERBANNER to PLUTO_PEER_BANNER due
  to the same change in Openswan
- Modified GUI to remove unused configuration boxes


nm-secret-whack.patch:
 properties/nm-openswan-dialog.glade |  111 +++++++++++-------------------------
 properties/nm-openswan.c            |   24 +++----
 src/nm-openswan-service-helper.c    |    4 -
 src/nm-openswan-service.c           |   59 ++++++++++---------
 4 files changed, 81 insertions(+), 117 deletions(-)

--- NEW FILE nm-secret-whack.patch ---
diff -urNp NetworkManager-openswan-0.8-orig/properties/nm-openswan.c NetworkManager-openswan-0.8/properties/nm-openswan.c
--- NetworkManager-openswan-0.8-orig/properties/nm-openswan.c	2010-06-04 17:50:13.000000000 -0400
+++ NetworkManager-openswan-0.8/properties/nm-openswan.c	2010-07-08 12:15:43.376302841 -0400
@@ -426,7 +426,7 @@ init_plugin_ui (OpenswanPluginUiWidget *
 	}
 	g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
 
-	widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton");
+	/*widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton");
 	g_return_val_if_fail (widget != NULL, FALSE);
 	if (s_vpn) {
 		value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT);
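Review bot: The `/*` opened on the `disable_dpd_checkbutton` line turns roughly twenty lines of init_plugin_ui into one block comment that is only closed in the -442 hunk; if any existing `/* ... */` comment sits in the unchanged lines between the two hunks, the outer comment ends there and the rest of the block no longer compiles. Since the widget has been removed from the glade file, this code should be deleted rather than commented out, and the same holds for the `//`-prefixed block in the -530 hunk of update_connection. init_plugin_ui begins and ends outside these hunks.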
@@ -442,7 +442,7 @@ init_plugin_ui (OpenswanPluginUiWidget *
 				gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE);
 		}
 	}
-	g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self);
+	g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self);*/
 
 	widget = glade_xml_get_widget (priv->xml, "show_passwords_checkbutton");
 	g_return_val_if_fail (widget != NULL, FALSE);
@@ -530,20 +530,20 @@ update_connection (NMVpnPluginUiWidgetIn
 	if (str && strlen (str))
 		nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DOMAIN, str);
 
-	widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton");
-	if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) {
-		nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, "0");
-	} else {
+	//widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton");
+	//if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) {
+	//	nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, "0");
+	//} else {
 		/* If DPD was disabled and now the user wishes to enable it, just
 		 * don't pass the DPD_IDLE_TIMEOUT option to openswan and thus use the
 		 * default DPD idle time.  Otherwise keep the original DPD idle timeout.
 		 */
-		if (priv->orig_dpd_timeout >= 10) {
-			char *tmp = g_strdup_printf ("%d", priv->orig_dpd_timeout);
-			nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, tmp);
-			g_free (tmp);
-		}
-	}
+	//	if (priv->orig_dpd_timeout >= 10) {
+	//		char *tmp = g_strdup_printf ("%d", priv->orig_dpd_timeout);
+	//		nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, tmp);
+	//		g_free (tmp);
+	//	}
+	//}
 
 	upw_type = handle_one_pw_type (s_vpn, priv->xml, "user_pass_type_combo", NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES);
 	gpw_type = handle_one_pw_type (s_vpn, priv->xml, "group_pass_type_combo", NM_OPENSWAN_PSK_INPUT_MODES);
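Review bot: The explanatory comment about keeping the original DPD idle timeout now describes code that is commented out, and `priv->orig_dpd_timeout` is no longer written into `s_vpn` at all. If `s_vpn` is a freshly built setting here (its construction is outside the hunk), an existing connection's stored `NM_OPENSWAN_DPDTIMEOUT` is silently dropped the next time the dialog is saved; either keep the `if (priv->orig_dpd_timeout >= 10)` branch unconditionally or say in a one-line comment that the stored timeout is intentionally discarded. The orphaned comment block should be removed together with the dead code it explains. update_connection continues outside the hunk.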
diff -urNp NetworkManager-openswan-0.8-orig/properties/nm-openswan-dialog.glade NetworkManager-openswan-0.8/properties/nm-openswan-dialog.glade
--- NetworkManager-openswan-0.8-orig/properties/nm-openswan-dialog.glade	2010-06-04 17:50:13.000000000 -0400
+++ NetworkManager-openswan-0.8/properties/nm-openswan-dialog.glade	2010-07-08 12:20:07.277052416 -0400
@@ -1,7 +1,7 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE glade-interface SYSTEM "glade-2.0.dtd">
-<!--*- mode: xml -*-->
+<?xml version="1.0"?>
 <glade-interface>
+  <!-- interface-requires gtk+ 2.6 -->
+  <!-- interface-naming-policy toplevel-contextual -->
   <widget class="GtkWindow" id="openswan-widget">
     <property name="title" translatable="yes">window1</property>
     <child>
@@ -23,6 +23,7 @@
               <packing>
                 <property name="expand">False</property>
                 <property name="fill">False</property>
+                <property name="position">0</property>
               </packing>
             </child>
             <child>
@@ -37,18 +38,6 @@
                     <property name="column_spacing">6</property>
                     <property name="row_spacing">6</property>
                     <child>
-                      <placeholder/>
-                    </child>
-                    <child>
-                      <placeholder/>
-                    </child>
-                    <child>
-                      <placeholder/>
-                    </child>
-                    <child>
-                      <placeholder/>
-                    </child>
-                    <child>
                       <widget class="GtkComboBox" id="group_pass_type_combo">
                         <property name="visible">True</property>
                         <property name="items" translatable="yes"> </property>
@@ -74,10 +63,10 @@
                     </child>
                     <child>
                       <widget class="GtkCheckButton" id="show_passwords_checkbutton">
+                        <property name="label" translatable="yes">Show passwords</property>
                         <property name="visible">True</property>
                         <property name="can_focus">True</property>
-                        <property name="label" translatable="yes">Show passwords</property>
-                        <property name="response_id">0</property>
+                        <property name="receives_default">False</property>
                         <property name="draw_indicator">True</property>
                       </widget>
                       <packing>
@@ -197,6 +186,18 @@
                         <property name="y_options"></property>
                       </packing>
                     </child>
+                    <child>
+                      <placeholder/>
+                    </child>
+                    <child>
+                      <placeholder/>
+                    </child>
+                    <child>
+                      <placeholder/>
+                    </child>
+                    <child>
+                      <placeholder/>
+                    </child>
                   </widget>
                 </child>
               </widget>
@@ -207,6 +208,7 @@
           </widget>
           <packing>
             <property name="expand">False</property>
+            <property name="position">0</property>
           </packing>
         </child>
         <child>
@@ -223,6 +225,7 @@
               <packing>
                 <property name="expand">False</property>
                 <property name="fill">False</property>
+                <property name="position">0</property>
               </packing>
             </child>
             <child>
@@ -237,47 +240,6 @@
                     <property name="column_spacing">6</property>
                     <property name="row_spacing">6</property>
                     <child>
-                      <placeholder/>
-                    </child>
-                    <child>
-                      <widget class="GtkCheckButton" id="disable_dpd_checkbutton">
-                        <property name="visible">True</property>
-                        <property name="can_focus">True</property>
-                        <property name="label" translatable="yes">Disable Dead Peer Detection</property>
-                        <property name="response_id">0</property>
-                        <property name="draw_indicator">True</property>
-                      </widget>
-                      <packing>
-                        <property name="left_attach">1</property>
-                        <property name="right_attach">2</property>
-                        <property name="top_attach">4</property>
-                        <property name="bottom_attach">5</property>
-                      </packing>
-                    </child>
-                    <child>
-                      <widget class="GtkComboBox" id="encryption_combo">
-                        <property name="visible">True</property>
-                        <property name="items" translatable="yes"> </property>
-                      </widget>
-                      <packing>
-                        <property name="left_attach">1</property>
-                        <property name="right_attach">2</property>
-                        <property name="top_attach">2</property>
-                        <property name="bottom_attach">3</property>
-                      </packing>
-                    </child>
-                    <child>
-                      <widget class="GtkLabel" id="label1">
-                        <property name="visible">True</property>
-                        <property name="xalign">0</property>
-                        <property name="label" translatable="yes">Encryption method:</property>
-                      </widget>
-                      <packing>
-                        <property name="top_attach">2</property>
-                        <property name="bottom_attach">3</property>
-                      </packing>
-                    </child>
-                    <child>
                       <widget class="GtkLabel" id="label26">
                         <property name="visible">True</property>
                         <property name="xalign">0</property>
@@ -326,27 +288,22 @@
                       </packing>
                     </child>
                     <child>
-                      <widget class="GtkLabel" id="label2">
-                        <property name="visible">True</property>
-                        <property name="xalign">0</property>
-                        <property name="label" translatable="yes">NAT traversal:</property>
-                      </widget>
-                      <packing>
-                        <property name="top_attach">3</property>
-                        <property name="bottom_attach">4</property>
-                      </packing>
+                      <placeholder/>
                     </child>
                     <child>
-                      <widget class="GtkComboBox" id="natt_combo">
-                        <property name="visible">True</property>
-                        <property name="items" translatable="yes"> </property>
-                      </widget>
-                      <packing>
-                        <property name="left_attach">1</property>
-                        <property name="right_attach">2</property>
-                        <property name="top_attach">3</property>
-                        <property name="bottom_attach">4</property>
-                      </packing>
+                      <placeholder/>
+                    </child>
+                    <child>
+                      <placeholder/>
+                    </child>
+                    <child>
+                      <placeholder/>
+                    </child>
+                    <child>
+                      <placeholder/>
+                    </child>
+                    <child>
+                      <placeholder/>
                     </child>
                   </widget>
                 </child>
diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkManager-openswan-0.8/src/nm-openswan-service.c
--- NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c	2010-06-04 17:50:13.000000000 -0400
+++ NetworkManager-openswan-0.8/src/nm-openswan-service.c	2010-07-08 11:39:24.904302790 -0400
@@ -202,14 +202,14 @@ openswan_watch_cb_auto (GPid pid, gint s
         if (WIFEXITED (status)) {
                 error = WEXITSTATUS (status);
                 if (error != 0)
-                        nm_warning ("openswan: ipsec auto exited with error code %d", error);
+                        nm_warning ("openswan: ipsec whack exited with error code %d", error);
         }
         else if (WIFSTOPPED (status))
-                nm_warning ("openswan: ipsec auto stopped unexpectedly with signal %d", WSTOPSIG (status));
+                nm_warning ("openswan: ipsec whack stopped unexpectedly with signal %d", WSTOPSIG (status));
         else if (WIFSIGNALED (status))
-                nm_warning ("openswan: ipsec auto died with signal %d", WTERMSIG (status));
+                nm_warning ("openswan: ipsec whack died with signal %d", WTERMSIG (status));
         else
-                nm_warning ("openswan: ipsec auto died from an unknown cause");
+                nm_warning ("openswan: ipsec whack died from an unknown cause");
 
         /* Reap child if needed. */
         waitpid (priv->pid_auto, NULL, WNOHANG);
@@ -218,7 +218,7 @@ openswan_watch_cb_auto (GPid pid, gint s
 
 
 static gint
-nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error)
+nm_openswan_start_openswan_binary (NMSettingVPN *s_vpn, NMOPENSWANPlugin *plugin, GError **error)
 {
 	GPid	pid, pid_auto;
 	const char **openswan_binary = NULL;
@@ -259,12 +259,14 @@ nm_openswan_start_openswan_binary (NMOPE
 
 	sleep(2);
 
-	/*ipsec auto --up <conn-name>*/
 	openswan_argv = g_ptr_array_new ();
 	g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary));
-	g_ptr_array_add (openswan_argv, (gpointer) "auto");
-	g_ptr_array_add (openswan_argv, (gpointer) "--up");
+	g_ptr_array_add (openswan_argv, (gpointer) "whack");
+	g_ptr_array_add (openswan_argv, (gpointer) "--initiate");
+	g_ptr_array_add (openswan_argv, (gpointer) "--name");
 	g_ptr_array_add (openswan_argv, (gpointer) "nm-conn1");
+	g_ptr_array_add (openswan_argv, (gpointer) "--xauthpass");
+	g_ptr_array_add (openswan_argv, (gpointer) nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD));
 	g_ptr_array_add (openswan_argv, NULL);
 
 	if (!g_spawn_async_with_pipes (NULL, (char **) openswan_argv->pdata, NULL,
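Review bot: `--xauthpass` followed by the raw secret places the XAUTH password in the argv of the `ipsec whack` child, where it is readable by every local user through the process list (`ps`, `/proc/<pid>/cmdline`) for as long as whack runs; this trades the on-disk exposure of rhbz# 607352 for a process-list exposure. The function already spawns with pipes and returns `stdin_fd`, so handing the password to whack over its stdin (if whack accepts it that way) or via a 0600 file would keep it off the command line. `nm_setting_vpn_get_secret` can also return NULL, in which case the NULL lands in `openswan_argv` ahead of the intended terminator and whack is launched with a trailing `--xauthpass` and no value; a guard such as `const char *xauth_pw = nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD); g_return_val_if_fail (xauth_pw != NULL, -1);` before the array is built would make that failure explicit, matching the `return -1` used on spawn failure. nm_openswan_start_openswan_binary begins and ends outside this hunk.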
@@ -272,18 +274,18 @@ nm_openswan_start_openswan_binary (NMOPE
 							 NULL, NULL, error)) {
 
 		g_ptr_array_free (openswan_argv, TRUE);
-		nm_warning ("openswan: ipsec auto failed to start.  error: '%s'", (*error)->message);
+		nm_warning ("openswan: ipsec whack failed to start.  error: '%s'", (*error)->message);
 		return -1;
 	}
 	g_ptr_array_free (openswan_argv, TRUE);
 
-        nm_info ("openswan: ipsec auto started with pid %d", pid_auto);
+	nm_info ("openswan: ipsec whack started with pid %d", pid_auto);
 
-        NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto;
-        openswan_watch = g_child_watch_source_new (pid_auto);
-        g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL);
-        g_source_attach (openswan_watch, NULL);
-        g_source_unref (openswan_watch);
+	NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto;
+	openswan_watch = g_child_watch_source_new (pid_auto);
+	g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL);
+	g_source_attach (openswan_watch, NULL);
+	g_source_unref (openswan_watch);
 
 	return stdin_fd;
 }
@@ -318,8 +320,8 @@ write_one_property (const char *key, con
 	WriteConfigInfo *info = (WriteConfigInfo *) user_data;
 	GType type = G_TYPE_INVALID;
 	int i;
-        const char *default_username;
-        const char *props_username;
+        //const char *default_username;
+        //const char *props_username;
 	const char *leftid;
 
 	if (info->error)
@@ -365,19 +367,19 @@ write_one_property (const char *key, con
 		//write_config_option (info->fd, "%s %s\n", (char *) key, (char *) value);
 
                 if (!strcmp (key, NM_OPENSWAN_PSK_VALUE)) {
-		leftid=nm_setting_vpn_get_data_item (info->s_vpn, NM_OPENSWAN_LEFTID);
+		        leftid=nm_setting_vpn_get_data_item (info->s_vpn, NM_OPENSWAN_LEFTID);
                 write_config_option (info->secret_fd, "@%s: PSK \"%s\"\n", leftid, (char *) value);
                 }
 
                 if (!strcmp (key, NM_OPENSWAN_XAUTH_PASSWORD)) {
-                default_username = nm_setting_vpn_get_user_name (info->s_vpn);
+                /*default_username = nm_setting_vpn_get_user_name (info->s_vpn);
                 props_username = nm_setting_vpn_get_data_item (info->s_vpn, NM_OPENSWAN_LEFTXAUTHUSER);
                 	if ( default_username && strlen (default_username)
                         && (!props_username || !strlen (props_username))) {
                 	write_config_option (info->secret_fd, "@%s : XAUTH \"%s\"\n",default_username, (char *) value);
                 	} else {
                 	write_config_option (info->secret_fd, "@%s : XAUTH \"%s\"\n", props_username, (char *) value);
-                	}
+                	}*/
                 }
 
 	} else if (type == G_TYPE_BOOLEAN) {
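Review bot: With the XAUTH write commented out, the `if (!strcmp (key, NM_OPENSWAN_XAUTH_PASSWORD))` block at the end of the hunk is empty, and the `default_username`/`props_username` declarations in the -318 hunk are commented out as well; the empty branch and both declarations should be removed rather than kept as commented code, and a one-line comment such as `/* XAUTH password is handed to whack at initiate time and never written to the secrets file (rhbz# 607352) */` would tell the next reader why this key is deliberately skipped. The PSK branch above it still writes `value` into `info->secret_fd`, so that file remains sensitive after this change. write_one_property begins and ends outside the hunk.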
@@ -426,8 +428,8 @@ nm_openswan_config_write (NMSettingVPN *
 	gint conf_fd=-1;
 	gint secret_fd=-1;
 
-        conf_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.conf", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
-        secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
+        conf_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.conf", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
+        secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
 
         fdtmp1 = conf_fd;
         if(fdtmp1 != -1) {
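Review bot: The `S_IRUSR|S_IWUSR` mode in the two `open` calls only takes effect when the file is created; with `O_CREAT|O_TRUNC` on a path that already exists — for instance a file left behind by the previous version, which created it with `S_IRGRP|S_IROTH` — the existing permissions are kept and the new secrets are written into a still world-readable file. Calling `fchmod (secret_fd, S_IRUSR|S_IWUSR);` right after the open succeeds (and likewise for `conf_fd`) closes that gap regardless of the file's prior mode. nm_openswan_config_write continues outside the hunk.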
@@ -454,8 +456,10 @@ nm_openswan_config_write (NMSettingVPN *
         write_config_option (fdtmp1, " ike=aes-sha1\n");
         write_config_option (fdtmp1, " esp=aes-sha1;modp1024\n");
         write_config_option (fdtmp1, " nm_configured=yes\n");
-	//write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH);
+        //write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH);
         write_config_option (fdtmp1, " auto=add\n");
+        //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_VPN_SETTING_NAME));
+        //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_NAME));
 	}
 
 	//default_username = nm_setting_vpn_get_user_name (s_vpn);
@@ -514,10 +518,10 @@ real_connect (NMVPNPlugin   *plugin,
 	if (!nm_openswan_secrets_validate (s_vpn, error))
 		goto out;
 
-        if (!nm_openswan_config_write (s_vpn, error))
-                goto out;
+	if (!nm_openswan_config_write (s_vpn, error))
+		goto out;
 
-	openswan_fd = nm_openswan_start_openswan_binary (NM_OPENSWAN_PLUGIN (plugin), error);
+	openswan_fd = nm_openswan_start_openswan_binary (s_vpn, NM_OPENSWAN_PLUGIN (plugin), error);
 	if (openswan_fd < 0)
 		goto out;
 
@@ -622,6 +626,9 @@ real_disconnect (NMVPNPlugin   *plugin,
         }
         g_ptr_array_free (openswan_argv, TRUE);
 
+        unlink("/etc/ipsec.d/ipsec-nm-conn1.conf");
+        unlink("/etc/ipsec.d/ipsec-nm-conn1.secrets");
+
 	return TRUE;
 }
 
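Review bot: The two `unlink` calls run only on the success path of real_disconnect and their return values are ignored, so a secrets file survives any earlier failure in this function, a service crash, or a real_connect that writes the files and then fails before disconnect is ever reached (its `goto out` path is outside this hunk). Logging a failed removal, e.g. `if (unlink ("/etc/ipsec.d/ipsec-nm-conn1.secrets") < 0 && errno != ENOENT) nm_warning ("openswan: could not remove secrets file: %s", g_strerror (errno));` (with `<errno.h>` included if it is not already), and also removing both files on real_connect's error path would make the cleanup reliable. The beginning of real_disconnect lies outside the hunk.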
diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service-helper.c NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c
--- NetworkManager-openswan-0.8-orig/src/nm-openswan-service-helper.c	2010-06-04 17:50:13.000000000 -0400
+++ NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c	2010-07-06 15:10:51.737035482 -0400
@@ -195,7 +195,7 @@ addr_list_to_gvalue (const char *str)
  * PLUTO_MY_SOURCEIP		-- address
  * PLUTO_CISCO_DNS_INFO         -- list of dns serverss
  * PLUTO_CISCO_DOMAIN_INFO      -- default domain name
- * PLUTO_SERVERBANNER           -- banner from server
+ * PLUTO_PEER_BANNER           -- banner from server
  *
  */
 int 
@@ -288,7 +288,7 @@ main (int argc, char *argv[])
 		g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DOMAIN, val);
 
 	/* Banner */
-	val = str_to_gvalue (getenv ("PLUTO_SERVERBANNER"), TRUE);
+	val = str_to_gvalue (getenv ("PLUTO_PEER_BANNER"), TRUE);
 	if (val)
 		g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_BANNER, val);
 


Index: NetworkManager-openswan.spec
===================================================================
RCS file: /cvs/pkgs/rpms/NetworkManager-openswan/devel/NetworkManager-openswan.spec,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- NetworkManager-openswan.spec	15 Jun 2010 15:29:43 -0000	1.1
+++ NetworkManager-openswan.spec	8 Jul 2010 16:41:02 -0000	1.2
@@ -6,7 +6,7 @@
 Summary:   NetworkManager VPN plug-in for openswan
 Name:      NetworkManager-openswan
 Version:   0.8.0
-Release:   1%{snapshot}%{?dist}
+Release:   2%{snapshot}%{?dist}
 License:   GPLv2+
 Group:     System Environment/Base
 URL:       http://people.redhat.com/avagarwa/files/NetworkManager-openswan/
@@ -17,6 +17,9 @@ URL:       http://people.redhat.com/avag
 Source0:    http://people.redhat.com/avagarwa/files/%{name}/%{name}-%{realversion}.tar.gz
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
+
+Patch1: nm-secret-whack.patch
+
 BuildRequires: gtk2-devel
 #BuildRequires: dbus-devel
 #BuildRequires: NetworkManager-devel
@@ -38,6 +41,8 @@ with NetworkManager and the GNOME deskto
 %prep
 %setup -q  -n NetworkManager-openswan-%{realversion}
 
+%patch1 -p1
+
 %build
 %configure --disable-static --enable-more-warnings=yes
 make %{?_smp_mflags}
@@ -71,5 +76,15 @@ rm -rf $RPM_BUILD_ROOT
 %dir %{_datadir}/gnome-vpn-properties/openswan
 
 %changelog
-* Tue Jun 15 2010 Avesh Agarwal  <avagarwa at redhat.com> - 0.8.0-1.20100411git
+* Thu Jul 8 2010 Avesh Agarwal <avagarwa at redhat.com> - 0.8.0-2.20100411git
+- Modified to initiate VPN connections with openswan whack interface
+- Fixed the issue of world readable conf and secret files 
+- Cleaned conf and secret files after VPN connection is stopped
+- Fixed the issue of storing sensitive information like user 
+  password in a file (rhbz# 607352)
+- Changed PLUTO_SERVERBANNER to PLUTO_PEER_BANNER due
+  to the same change in Openswan
+- Modifed GUI to remove unused configuration boxes
+
+* Tue Jun 15 2010 Avesh Agarwal <avagarwa at redhat.com> - 0.8.0-1.20100411git
 - Initial build


