rpms/NetworkManager-openswan/devel NetworkManager-openswan.spec, 1.3, 1.4 nm-secret-whack.patch, 1.2, 1.3

avesh agarwal avesh at fedoraproject.org
Tue Jul 13 23:11:03 UTC 2010


Author: avesh

Update of /cvs/pkgs/rpms/NetworkManager-openswan/devel
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv15700

Modified Files:
	NetworkManager-openswan.spec nm-secret-whack.patch 
Log Message:
* Tue Jul 13 2010 Avesh Agarwal <avagarwa at redhat.com> - 0.8.0-4.20100411git
- Modified fix for the bz 607352
- Fix to read connection configuration from stdin
- Fix to read Xauth user password from stdin
- Fix to delete the secret file as soon as read by Openswan



Index: NetworkManager-openswan.spec
===================================================================
RCS file: /cvs/pkgs/rpms/NetworkManager-openswan/devel/NetworkManager-openswan.spec,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- NetworkManager-openswan.spec	8 Jul 2010 20:14:14 -0000	1.3
+++ NetworkManager-openswan.spec	13 Jul 2010 23:11:02 -0000	1.4
@@ -1,4 +1,4 @@
-%define openswan_version  2.6.25-2
+%define openswan_version  2.6.27-1
 
 %define snapshot .20100411git
 %define realversion 0.8
@@ -6,7 +6,7 @@
 Summary:   NetworkManager VPN plug-in for openswan
 Name:      NetworkManager-openswan
 Version:   0.8.0
-Release:   3%{snapshot}%{?dist}
+Release:   4%{snapshot}%{?dist}
 License:   GPLv2+
 Group:     System Environment/Base
 URL:       http://people.redhat.com/avagarwa/files/NetworkManager-openswan/
@@ -76,6 +76,12 @@ rm -rf $RPM_BUILD_ROOT
 %dir %{_datadir}/gnome-vpn-properties/openswan
 
 %changelog
+* Tue Jul 13 2010 Avesh Agarwal <avagarwa at redhat.com> - 0.8.0-4.20100411git
+- Modified fix for the bz 607352
+- Fix to read connection configuration from stdin
+- Fix to read Xauth user password from stdin
+- Fix to delete the secret file as soon as read by Openswan
+
 * Thu Jul 8 2010 Avesh Agarwal <avagarwa at redhat.com> - 0.8.0-3.20100411git
 - Modified the patch so that it does not pass user password to 
   "ipsec whack" command.   

nm-secret-whack.patch:
 properties/nm-openswan-dialog.glade |  111 ++++++-------------
 properties/nm-openswan.c            |   24 ++--
 src/nm-openswan-service-helper.c    |    4 
 src/nm-openswan-service.c           |  204 +++++++++++++++++++++++++++++++-----
 4 files changed, 224 insertions(+), 119 deletions(-)

Index: nm-secret-whack.patch
===================================================================
RCS file: /cvs/pkgs/rpms/NetworkManager-openswan/devel/nm-secret-whack.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- nm-secret-whack.patch	8 Jul 2010 20:14:15 -0000	1.2
+++ nm-secret-whack.patch	13 Jul 2010 23:11:02 -0000	1.3
@@ -231,8 +231,35 @@ diff -urNp NetworkManager-openswan-0.8-o
                  </child>
 diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkManager-openswan-0.8/src/nm-openswan-service.c
 --- NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c	2010-06-04 17:50:13.000000000 -0400
-+++ NetworkManager-openswan-0.8/src/nm-openswan-service.c	2010-07-08 16:05:26.372305285 -0400
-@@ -218,6 +218,7 @@ openswan_watch_cb_auto (GPid pid, gint s
++++ NetworkManager-openswan-0.8/src/nm-openswan-service.c	2010-07-13 18:19:05.137333584 -0400
+@@ -212,12 +212,32 @@ openswan_watch_cb_auto (GPid pid, gint s
+                 nm_warning ("openswan: ipsec auto died from an unknown cause");
+ 
+         /* Reap child if needed. */
+-        waitpid (priv->pid_auto, NULL, WNOHANG);
+-        priv->pid_auto = 0;
++        //waitpid (priv->pid_auto, NULL, WNOHANG);
++        //priv->pid_auto = 0;
++
++        waitpid (priv->pid, NULL, WNOHANG);
++        priv->pid = 0;
++
++	/* Must be after data->state is set since signals use data->state */
++	switch (error) {
++	case 2:
++		/* Couldn't log in due to bad user/pass */
++		nm_vpn_plugin_failure (NM_VPN_PLUGIN (plugin), NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED);
++		break;
++	case 1:
++		/* Other error (couldn't bind to address, etc) */
++		nm_vpn_plugin_failure (NM_VPN_PLUGIN (plugin), NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED);
++		break;
++	default:
++		break;
++	}
++
++	nm_vpn_plugin_set_state (NM_VPN_PLUGIN (plugin), NM_VPN_SERVICE_STATE_STOPPED);
+ }
  
  
  static gint
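Review bot: The added comment `/* Must be after data->state is set since signals use data->state */` names a `data->state` that nothing in the visible part of openswan_watch_cb_auto sets or reads, so it does not explain the `switch (error)` below it. Something like `/* Report the failure reason before moving the plugin to STOPPED */` would describe what the added lines do. The superseded `waitpid (priv->pid_auto, ...)` lines are commented out rather than deleted. The same pattern recurs in later hunks of this patch (the `pid_auto` watch, the Xauth block in write_one_property, the `conf_fd`/`secret_fd` opens, the unlink calls in real_disconnect) and makes it harder to see which path handles secrets. The function begins above this hunk, so how `error` is derived is not visible here.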
@@ -240,15 +267,29 @@ diff -urNp NetworkManager-openswan-0.8-o
  nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error)
  {
  	GPid	pid, pid_auto;
-@@ -259,12 +260,14 @@ nm_openswan_start_openswan_binary (NMOPE
+@@ -257,14 +277,27 @@ nm_openswan_start_openswan_binary (NMOPE
+ 	}
+ 	g_ptr_array_free (openswan_argv, TRUE);
  
++	nm_info ("openswan: ipsec started with pid %d", pid);
++
++    NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid = pid;
++	openswan_watch = g_child_watch_source_new (pid);
++	g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL);
++	g_source_attach (openswan_watch, NULL);
++	g_source_unref (openswan_watch);
++
  	sleep(2);
  
 -	/*ipsec auto --up <conn-name>*/
  	openswan_argv = g_ptr_array_new ();
  	g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary));
  	g_ptr_array_add (openswan_argv, (gpointer) "auto");
- 	g_ptr_array_add (openswan_argv, (gpointer) "--up");
+-	g_ptr_array_add (openswan_argv, (gpointer) "--up");
++	g_ptr_array_add (openswan_argv, (gpointer) "--add");
++	g_ptr_array_add (openswan_argv, (gpointer) "--config");
++	g_ptr_array_add (openswan_argv, (gpointer) "-");
++	//g_ptr_array_add (openswan_argv, (gpointer) "--up");
 +	//g_ptr_array_add (openswan_argv, (gpointer) "--name");
  	g_ptr_array_add (openswan_argv, (gpointer) "nm-conn1");
 +	//g_ptr_array_add (openswan_argv, (gpointer) "--xauthpass");
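Review bot: The removed `/*ipsec auto --up <conn-name>*/` comment has no replacement, so nothing states that this spawn is now `ipsec auto --add --config - nm-conn1` and expects the connection definition on the child's stdin. A comment such as `/* ipsec auto --add --config - nm-conn1: the connection definition is read from the child's stdin */` above the argv construction would make that contract explicit for whoever writes to the returned descriptor. The new `NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid = pid;` line is indented with spaces where its neighbours use tabs. nm_openswan_start_openswan_binary starts and ends outside this hunk.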
@@ -256,7 +297,7 @@ diff -urNp NetworkManager-openswan-0.8-o
  	g_ptr_array_add (openswan_argv, NULL);
  
  	if (!g_spawn_async_with_pipes (NULL, (char **) openswan_argv->pdata, NULL,
-@@ -277,13 +280,13 @@ nm_openswan_start_openswan_binary (NMOPE
+@@ -277,13 +310,64 @@ nm_openswan_start_openswan_binary (NMOPE
  	}
  	g_ptr_array_free (openswan_argv, TRUE);
  
@@ -268,15 +309,77 @@ diff -urNp NetworkManager-openswan-0.8-o
 -        g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL);
 -        g_source_attach (openswan_watch, NULL);
 -        g_source_unref (openswan_watch);
-+	NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto;
++	/*NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto;
 +	openswan_watch = g_child_watch_source_new (pid_auto);
 +	g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL);
 +	g_source_attach (openswan_watch, NULL);
-+	g_source_unref (openswan_watch);
++	g_source_unref (openswan_watch);*/
++
++	return stdin_fd;
++}
++
++
++
++static gint
++nm_openswan_start_openswan_connection (NMOPENSWANPlugin *plugin, GError **error)
++{
++	GPid	pid;
++	const char **openswan_binary = NULL;
++	GPtrArray *openswan_argv;
++	gint	stdin_fd;
++
++	/* Find openswan ipsec */
++	openswan_binary = openswan_binary_paths;
++	while (*openswan_binary != NULL) {
++		if (g_file_test (*openswan_binary, G_FILE_TEST_EXISTS))
++			break;
++		openswan_binary++;
++	}
++
++	if (!*openswan_binary) {
++		g_set_error (error,
++		             NM_VPN_PLUGIN_ERROR,
++		             NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
++		             "%s",
++		             "Could not find openswan binary.");
++		return -1;
++	}
++
++	openswan_argv = g_ptr_array_new ();
++	g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary));
++	g_ptr_array_add (openswan_argv, (gpointer) "auto");
++	g_ptr_array_add (openswan_argv, (gpointer) "--up");
++	g_ptr_array_add (openswan_argv, (gpointer) "nm-conn1");
++	g_ptr_array_add (openswan_argv, NULL);
++
++	if (!g_spawn_async_with_pipes (NULL, (char **) openswan_argv->pdata, NULL,
++							 G_SPAWN_DO_NOT_REAP_CHILD, NULL, NULL, &pid, &stdin_fd,
++							 NULL, NULL, error)) {
++
++		g_ptr_array_free (openswan_argv, TRUE);
++		nm_warning ("openswan: ipsec auto connection failed to start.  error: '%s'", (*error)->message);
++		return -1;
++	}
++	g_ptr_array_free (openswan_argv, TRUE);
++
++    sleep(3);
++
++	nm_info ("openswan: ipsec auto connection started with pid %d", pid);
  
  	return stdin_fd;
  }
-@@ -365,7 +368,7 @@ write_one_property (const char *key, con
+@@ -318,8 +402,8 @@ write_one_property (const char *key, con
+ 	WriteConfigInfo *info = (WriteConfigInfo *) user_data;
+ 	GType type = G_TYPE_INVALID;
+ 	int i;
+-        const char *default_username;
+-        const char *props_username;
++	//const char *default_username;
++	//const char *props_username;
+ 	const char *leftid;
+ 
+ 	if (info->error)
+@@ -365,11 +449,11 @@ write_one_property (const char *key, con
  		//write_config_option (info->fd, "%s %s\n", (char *) key, (char *) value);
  
                  if (!strcmp (key, NM_OPENSWAN_PSK_VALUE)) {
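Review bot: nm_openswan_start_openswan_connection spawns `ipsec auto --up nm-conn1` with `G_SPAWN_DO_NOT_REAP_CHILD` but never stores `pid`, attaches a child watch or calls waitpid. The child is therefore never reaped and its exit status is never examined, and as far as this hunk shows, a failed `--up` (for example a rejected Xauth password) would not reach the plugin state. Either pass `0` in place of `G_SPAWN_DO_NOT_REAP_CHILD` so GLib reaps the child, or register a watch the way nm_openswan_start_openswan_binary does for its `pid`. In the failure branch `(*error)->message` is dereferenced without checking that the caller supplied an `error` pointer. The fixed `sleep(3)` blocks the caller and looks like a timing guess rather than synchronisation with the child.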
@@ -285,18 +388,51 @@ diff -urNp NetworkManager-openswan-0.8-o
                  write_config_option (info->secret_fd, "@%s: PSK \"%s\"\n", leftid, (char *) value);
                  }
  
-@@ -426,8 +429,8 @@ nm_openswan_config_write (NMSettingVPN *
- 	gint conf_fd=-1;
- 	gint secret_fd=-1;
+-                if (!strcmp (key, NM_OPENSWAN_XAUTH_PASSWORD)) {
++                /*if (!strcmp (key, NM_OPENSWAN_XAUTH_PASSWORD)) {
+                 default_username = nm_setting_vpn_get_user_name (info->s_vpn);
+                 props_username = nm_setting_vpn_get_data_item (info->s_vpn, NM_OPENSWAN_LEFTXAUTHUSER);
+                 	if ( default_username && strlen (default_username)
+@@ -378,7 +462,7 @@ write_one_property (const char *key, con
+                 	} else {
+                 	write_config_option (info->secret_fd, "@%s : XAUTH \"%s\"\n", props_username, (char *) value);
+                 	}
+-                }
++                }*/
+ 
+ 	} else if (type == G_TYPE_BOOLEAN) {
+ 		if (!strcmp (value, "yes")) {
+@@ -414,22 +498,22 @@ write_one_property (const char *key, con
+ }
+ 
+ static gboolean
+-nm_openswan_config_write (NMSettingVPN *s_vpn,
++nm_openswan_config_write (gint openswan_fd, NMSettingVPN *s_vpn,
+                       GError **error)
+ {
+ 	WriteConfigInfo *info;
+ 	const char *props_username;
+ 	//const char *props_natt_mode;
+ 	const char *default_username;
+-	const char *pw_type;
++	//const char *pw_type;
+ 	gint fdtmp1=-1;
+-	gint conf_fd=-1;
+-	gint secret_fd=-1;
++	//gint conf_fd=-1;
++	//gint secret_fd=-1;
  
 -        conf_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.conf", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
 -        secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
-+        conf_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.conf", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
-+        secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
++        //conf_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.conf", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
++        //secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
  
-         fdtmp1 = conf_fd;
+-        fdtmp1 = conf_fd;
++        fdtmp1 = openswan_fd;
          if(fdtmp1 != -1) {
-@@ -454,8 +457,10 @@ nm_openswan_config_write (NMSettingVPN *
+         write_config_option (fdtmp1, "conn nm-conn1\n");
+         write_config_option (fdtmp1, " aggrmode=yes\n");
+@@ -454,8 +538,10 @@ nm_openswan_config_write (NMSettingVPN *
          write_config_option (fdtmp1, " ike=aes-sha1\n");
          write_config_option (fdtmp1, " esp=aes-sha1;modp1024\n");
          write_config_option (fdtmp1, " nm_configured=yes\n");
@@ -308,23 +444,115 @@ diff -urNp NetworkManager-openswan-0.8-o
  	}
  
  	//default_username = nm_setting_vpn_get_user_name (s_vpn);
-@@ -514,8 +519,8 @@ real_connect (NMVPNPlugin   *plugin,
+@@ -472,7 +558,49 @@ nm_openswan_config_write (NMSettingVPN *
+ 	
+ 	info = g_malloc0 (sizeof (WriteConfigInfo));
+ 	//info->fd = openswan_fd;
+-	info->conf_fd = conf_fd;
++	//info->conf_fd = conf_fd;
++	info->conf_fd = openswan_fd;
++	//info->secret_fd = secret_fd;
++	info->s_vpn = s_vpn;
++
++	/* Check for ignored user password */
++	/*pw_type = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES);
++	if (pw_type && !strcmp (pw_type, NM_OPENSWAN_PW_TYPE_UNUSED))
++		info->upw_ignored = TRUE;*/
++
++	/* Check for ignored group password */
++	/*pw_type = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_PSK_INPUT_MODES);
++	if (pw_type && !strcmp (pw_type, NM_OPENSWAN_PW_TYPE_UNUSED))
++		info->gpw_ignored = TRUE;*/
++
++	nm_setting_vpn_foreach_data_item (s_vpn, write_one_property, info);
++	//nm_setting_vpn_foreach_secret (s_vpn, write_one_property, info);
++	*error = info->error;
++	//close(conf_fd);
++	close(openswan_fd);
++	sleep(3);
++	//close(secret_fd);
++	g_free (info);
++
++	return *error ? FALSE : TRUE;
++}
++
++
++static gboolean
++nm_openswan_config_secret_write (NMSettingVPN *s_vpn,
++                      GError **error)
++{
++	WriteConfigInfo *info;
++	//const char *props_username;
++	//const char *default_username;
++	const char *pw_type;
++	//gint fdtmp1=-1;
++	//gint conf_fd=-1;
++	gint secret_fd=-1;
++
++        secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
++	
++	info = g_malloc0 (sizeof (WriteConfigInfo));
+ 	info->secret_fd = secret_fd;
+ 	info->s_vpn = s_vpn;
+ 
+@@ -486,16 +614,15 @@ nm_openswan_config_write (NMSettingVPN *
+ 	if (pw_type && !strcmp (pw_type, NM_OPENSWAN_PW_TYPE_UNUSED))
+ 		info->gpw_ignored = TRUE;
+ 
+-	nm_setting_vpn_foreach_data_item (s_vpn, write_one_property, info);
+ 	nm_setting_vpn_foreach_secret (s_vpn, write_one_property, info);
+ 	*error = info->error;
+-	close(conf_fd);
+ 	close(secret_fd);
+ 	g_free (info);
+ 
+ 	return *error ? FALSE : TRUE;
+ }
+ 
++
+ static gboolean
+ real_connect (NMVPNPlugin   *plugin,
+               NMConnection  *connection,
+@@ -514,13 +641,31 @@ real_connect (NMVPNPlugin   *plugin,
  	if (!nm_openswan_secrets_validate (s_vpn, error))
  		goto out;
  
 -        if (!nm_openswan_config_write (s_vpn, error))
 -                goto out;
-+	if (!nm_openswan_config_write (s_vpn, error))
++	if (!nm_openswan_config_secret_write (s_vpn, error))
 +		goto out;
  
  	openswan_fd = nm_openswan_start_openswan_binary (NM_OPENSWAN_PLUGIN (plugin), error);
  	if (openswan_fd < 0)
-@@ -622,6 +627,9 @@ real_disconnect (NMVPNPlugin   *plugin,
+ 		goto out;
+ 
++	if (!nm_openswan_config_write (openswan_fd, s_vpn, error)) {
++		goto out;
++	}
++	else {
++		/*no error*/
++		openswan_fd=-1;
++	}
++
++	unlink("/etc/ipsec.d/ipsec-nm-conn1.secrets");  
++
++	openswan_fd = nm_openswan_start_openswan_connection (NM_OPENSWAN_PLUGIN (plugin), error);
++	if (openswan_fd < 0)
++		goto out;
++
++    write_config_option (openswan_fd, "%s", nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD));
++	close(openswan_fd);
++	openswan_fd=-1;
++
+ 	success = TRUE;
+ 
+ out:
+@@ -622,6 +767,9 @@ real_disconnect (NMVPNPlugin   *plugin,
          }
          g_ptr_array_free (openswan_argv, TRUE);
  
-+        unlink("/etc/ipsec.d/ipsec-nm-conn1.conf");
-+        unlink("/etc/ipsec.d/ipsec-nm-conn1.secrets");
++        //unlink("/etc/ipsec.d/ipsec-nm-conn1.conf");
++        //unlink("/etc/ipsec.d/ipsec-nm-conn1.secrets");
 +
  	return TRUE;
  }
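Review bot: The PSK file `/etc/ipsec.d/ipsec-nm-conn1.secrets` stays on disk whenever real_connect leaves early: both `goto out` branches before the new `unlink` (after nm_openswan_start_openswan_binary and after nm_openswan_config_write) skip it, and the cleanup in real_disconnect is commented out in this same hunk. Calling `unlink ("/etc/ipsec.d/ipsec-nm-conn1.secrets");` on those failure paths as well, or once under `out:` (whose body lies outside the hunk), would close that gap. In nm_openswan_config_secret_write the result of `open()` is never checked. Because the mode argument only applies when the file is created, a file left by the earlier revision that used `S_IRGRP|S_IROTH` would be truncated and reused with its old permissions; an `if (secret_fd < 0)` error return plus `fchmod (secret_fd, S_IRUSR|S_IWUSR);` before writing would cover both. The result of `nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)` is also passed to `%s` without a NULL check.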


