|
|
|
@ -1,4 +1,4 @@
|
|
|
|
|
From f9f321fc00f9016569a592140d9e5a24f9c4db01 Mon Sep 17 00:00:00 2001
|
|
|
|
|
From dcf656747eece80e2534dc21b79c15e13bb28b5a Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: Lubomir Rintel <lkundrak@v3.sk>
|
|
|
|
|
Date: Fri, 13 Sep 2024 14:49:12 +0200
|
|
|
|
|
Subject: [PATCH 1/6] shared/nm-glib: import newer g_steal_pointer()
|
|
|
|
@ -63,7 +63,7 @@ index 770cf0f..1b6487c 100644
|
|
|
|
|
--
|
|
|
|
|
2.46.0
|
|
|
|
|
|
|
|
|
|
From 72816f82b029063e4d8aaff6703f175da5232293 Mon Sep 17 00:00:00 2001
|
|
|
|
|
From 50b019de99a9005065db6d069167ffacbe62151b Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: Lubomir Rintel <lkundrak@v3.sk>
|
|
|
|
|
Date: Tue, 17 Sep 2024 13:28:58 +0200
|
|
|
|
|
Subject: [PATCH 2/6] build: get rid of {properties,src}/libutils.la
|
|
|
|
@ -73,76 +73,49 @@ more complicated. Get rid of then, and just roll src/libutils.la.
|
|
|
|
|
|
|
|
|
|
[lkundrak@v3.sk: Backported from 1.24.0]
|
|
|
|
|
---
|
|
|
|
|
Makefile.am | 69 +++++++++++++++++++++--------------------------------
|
|
|
|
|
1 file changed, 27 insertions(+), 42 deletions(-)
|
|
|
|
|
Makefile.am | 47 ++++++++++++++++++-----------------------------
|
|
|
|
|
1 file changed, 18 insertions(+), 29 deletions(-)
|
|
|
|
|
|
|
|
|
|
diff --git a/Makefile.am b/Makefile.am
|
|
|
|
|
index 29084a9..d46cfcd 100644
|
|
|
|
|
index 8442d64..e2847d4 100644
|
|
|
|
|
--- a/Makefile.am
|
|
|
|
|
+++ b/Makefile.am
|
|
|
|
|
@@ -33,6 +33,26 @@ nmvpnservice_DATA = nm-libreswan-service.name
|
|
|
|
|
@@ -53,23 +53,25 @@ common_CFLAGS = \
|
|
|
|
|
|
|
|
|
|
###############################################################################
|
|
|
|
|
|
|
|
|
|
-noinst_LTLIBRARIES += properties/libutils.la
|
|
|
|
|
+noinst_LTLIBRARIES += shared/libutils.la
|
|
|
|
|
+
|
|
|
|
|
|
|
|
|
|
-properties_libutils_la_SOURCES = \
|
|
|
|
|
- shared/utils.c \
|
|
|
|
|
- shared/utils.h \
|
|
|
|
|
- shared/nm-utils/nm-vpn-plugin-utils.c \
|
|
|
|
|
- shared/nm-utils/nm-vpn-plugin-utils.h \
|
|
|
|
|
+shared_libutils_la_SOURCES = \
|
|
|
|
|
+ shared/nm-utils/nm-shared-utils.c \
|
|
|
|
|
+ shared/nm-utils/nm-shared-utils.h \
|
|
|
|
|
shared/nm-utils/nm-shared-utils.c \
|
|
|
|
|
shared/nm-utils/nm-shared-utils.h \
|
|
|
|
|
+ shared/utils.c \
|
|
|
|
|
+ shared/utils.h \
|
|
|
|
|
+ shared/nm-service-defines.h
|
|
|
|
|
+
|
|
|
|
|
shared/nm-service-defines.h
|
|
|
|
|
|
|
|
|
|
-properties_libutils_la_CPPFLAGS = \
|
|
|
|
|
- -DNETWORKMANAGER_COMPILATION=NM_NETWORKMANAGER_COMPILATION_LIB_BASE \
|
|
|
|
|
- -DNM_PLUGIN_DIR=\"$(NM_PLUGIN_DIR)\" \
|
|
|
|
|
+shared_libutils_la_CFLAGS = \
|
|
|
|
|
+ -DPREFIX=\""$(prefix)"\" \
|
|
|
|
|
+ $(common_CFLAGS) \
|
|
|
|
|
+ $(LIBNM_CFLAGS)
|
|
|
|
|
+
|
|
|
|
|
$(common_CFLAGS) \
|
|
|
|
|
$(LIBNM_CFLAGS)
|
|
|
|
|
|
|
|
|
|
+shared_libutils_la_LIBADD = \
|
|
|
|
|
+ $(GLIB_LIBS) \
|
|
|
|
|
+ $(LIBNM_LIBS)
|
|
|
|
|
+
|
|
|
|
|
+###############################################################################
|
|
|
|
|
+
|
|
|
|
|
properties/resources.h: properties/gresource.xml
|
|
|
|
|
$(AM_V_GEN) $(GLIB_COMPILE_RESOURCES) $< --target=$@ --sourcedir=$(srcdir)/properties --generate-header --internal
|
|
|
|
|
|
|
|
|
|
@@ -53,10 +73,6 @@ gtk4/%.ui: properties/%.ui
|
|
|
|
|
EXTRA_DIST += \
|
|
|
|
|
gtk4/nm-libreswan-dialog.ui
|
|
|
|
|
|
|
|
|
|
-plugin_sources = \
|
|
|
|
|
- properties/nm-libreswan-editor-plugin.c \
|
|
|
|
|
- properties/nm-libreswan-editor-plugin.h
|
|
|
|
|
-
|
|
|
|
|
editor_sources = \
|
|
|
|
|
properties/nm-libreswan-editor.c \
|
|
|
|
|
properties/nm-libreswan-editor.h
|
|
|
|
|
@@ -68,23 +84,6 @@ common_CFLAGS = \
|
|
|
|
|
|
|
|
|
|
###############################################################################
|
|
|
|
|
|
|
|
|
|
-noinst_LTLIBRARIES += properties/libutils.la
|
|
|
|
|
-
|
|
|
|
|
-properties_libutils_la_SOURCES = \
|
|
|
|
|
- shared/utils.c \
|
|
|
|
|
- shared/utils.h \
|
|
|
|
|
- shared/nm-utils/nm-vpn-plugin-utils.c \
|
|
|
|
|
- shared/nm-utils/nm-vpn-plugin-utils.h \
|
|
|
|
|
- shared/nm-utils/nm-shared-utils.c \
|
|
|
|
|
- shared/nm-utils/nm-shared-utils.h \
|
|
|
|
|
- shared/nm-service-defines.h
|
|
|
|
|
-
|
|
|
|
|
-properties_libutils_la_CPPFLAGS = \
|
|
|
|
|
- -DPREFIX=\""$(prefix)"\" \
|
|
|
|
|
- -DNETWORKMANAGER_COMPILATION=NM_NETWORKMANAGER_COMPILATION_LIB_BASE \
|
|
|
|
|
- $(common_CFLAGS) \
|
|
|
|
|
- $(LIBNM_CFLAGS)
|
|
|
|
|
-
|
|
|
|
|
plugin_LTLIBRARIES += properties/libnm-vpn-plugin-libreswan.la
|
|
|
|
|
|
|
|
|
|
properties_libnm_vpn_plugin_libreswan_la_CFLAGS = \
|
|
|
|
|
@@ -93,10 +92,13 @@ properties_libnm_vpn_plugin_libreswan_la_CFLAGS = \
|
|
|
|
|
@@ -79,10 +81,13 @@ properties_libnm_vpn_plugin_libreswan_la_CFLAGS = \
|
|
|
|
|
$(LIBNM_CFLAGS)
|
|
|
|
|
|
|
|
|
|
properties_libnm_vpn_plugin_libreswan_la_SOURCES = \
|
|
|
|
@ -158,15 +131,7 @@ index 29084a9..d46cfcd 100644
|
|
|
|
|
$(LIBNM_LIBS) \
|
|
|
|
|
$(DL_LIBS)
|
|
|
|
|
|
|
|
|
|
@@ -198,7 +200,6 @@ auth_dialog_nm_libreswan_auth_dialog_LDADD = \
|
|
|
|
|
|
|
|
|
|
src_cppflags = \
|
|
|
|
|
-DBINDIR=\"$(bindir)\" \
|
|
|
|
|
- -DPREFIX=\""$(prefix)"\" \
|
|
|
|
|
-DLIBDIR=\""$(libdir)"\" \
|
|
|
|
|
-DLIBEXECDIR=\""$(libexecdir)"\" \
|
|
|
|
|
-DLOCALSTATEDIR=\""$(localstatedir)"\" \
|
|
|
|
|
@@ -230,22 +231,6 @@ src/nm-libreswan-helper-service-dbus.h: src/nm-libreswan-helper-service.xml
|
|
|
|
|
@@ -216,22 +221,6 @@ src/nm-libreswan-helper-service-dbus.h: src/nm-libreswan-helper-service.xml
|
|
|
|
|
src/nm-libreswan-helper-service-dbus.c: src/nm-libreswan-helper-service-dbus.h
|
|
|
|
|
@true
|
|
|
|
|
|
|
|
|
@ -189,7 +154,7 @@ index 29084a9..d46cfcd 100644
|
|
|
|
|
###############################################################################
|
|
|
|
|
|
|
|
|
|
libexec_PROGRAMS += src/nm-libreswan-service
|
|
|
|
|
@@ -255,7 +240,7 @@ src_nm_libreswan_service_CPPFLAGS = \
|
|
|
|
|
@@ -241,7 +230,7 @@ src_nm_libreswan_service_CPPFLAGS = \
|
|
|
|
|
|
|
|
|
|
src_nm_libreswan_service_LDADD = \
|
|
|
|
|
src/libnm-libreswan-helper-service-dbus.la \
|
|
|
|
@ -198,7 +163,7 @@ index 29084a9..d46cfcd 100644
|
|
|
|
|
$(GLIB_LIBS) \
|
|
|
|
|
$(LIBNM_LIBS) \
|
|
|
|
|
$(LIBNL_LIBS) \
|
|
|
|
|
@@ -272,7 +257,7 @@ src_nm_libreswan_service_helper_CPPFLAGS = \
|
|
|
|
|
@@ -258,7 +247,7 @@ src_nm_libreswan_service_helper_CPPFLAGS = \
|
|
|
|
|
|
|
|
|
|
src_nm_libreswan_service_helper_LDADD = \
|
|
|
|
|
src/libnm-libreswan-helper-service-dbus.la \
|
|
|
|
@ -210,7 +175,7 @@ index 29084a9..d46cfcd 100644
|
|
|
|
|
--
|
|
|
|
|
2.46.0
|
|
|
|
|
|
|
|
|
|
From cf9777bd065ddc40c627e1d994432e95b1e70a82 Mon Sep 17 00:00:00 2001
|
|
|
|
|
From a076344da47a3ec930f01d7b70d1929431c301cc Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: Lubomir Rintel <lkundrak@v3.sk>
|
|
|
|
|
Date: Mon, 23 Sep 2024 11:39:22 +0200
|
|
|
|
|
Subject: [PATCH 3/6] shared/test-utils: cover config write with unit tests
|
|
|
|
@ -226,10 +191,10 @@ cases.
|
|
|
|
|
create mode 100644 shared/test-utils.c
|
|
|
|
|
|
|
|
|
|
diff --git a/Makefile.am b/Makefile.am
|
|
|
|
|
index d46cfcd..3f4e85c 100644
|
|
|
|
|
index e2847d4..d97d3c3 100644
|
|
|
|
|
--- a/Makefile.am
|
|
|
|
|
+++ b/Makefile.am
|
|
|
|
|
@@ -21,6 +21,8 @@ libexec_PROGRAMS =
|
|
|
|
|
@@ -19,6 +19,8 @@ libexec_PROGRAMS =
|
|
|
|
|
|
|
|
|
|
noinst_PROGRAMS =
|
|
|
|
|
|
|
|
|
@ -238,7 +203,7 @@ index d46cfcd..3f4e85c 100644
|
|
|
|
|
SUBDIRS = po man
|
|
|
|
|
|
|
|
|
|
###############################################################################
|
|
|
|
|
@@ -51,6 +53,20 @@ shared_libutils_la_LIBADD = \
|
|
|
|
|
@@ -70,6 +72,20 @@ shared_libutils_la_LIBADD = \
|
|
|
|
|
$(GLIB_LIBS) \
|
|
|
|
|
$(LIBNM_LIBS)
|
|
|
|
|
|
|
|
|
@ -258,7 +223,7 @@ index d46cfcd..3f4e85c 100644
|
|
|
|
|
+
|
|
|
|
|
###############################################################################
|
|
|
|
|
|
|
|
|
|
properties/resources.h: properties/gresource.xml
|
|
|
|
|
plugin_LTLIBRARIES += properties/libnm-vpn-plugin-libreswan.la
|
|
|
|
|
diff --git a/shared/test-utils.c b/shared/test-utils.c
|
|
|
|
|
new file mode 100644
|
|
|
|
|
index 0000000..82ee933
|
|
|
|
@ -395,7 +360,7 @@ index 0000000..82ee933
|
|
|
|
|
--
|
|
|
|
|
2.46.0
|
|
|
|
|
|
|
|
|
|
From 2b07bfeec5e67cbdce9b23b7c0648cb0ee55416d Mon Sep 17 00:00:00 2001
|
|
|
|
|
From 486c9e7a8517a1f376cd9f290e2e16298770e004 Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: Lubomir Rintel <lkundrak@v3.sk>
|
|
|
|
|
Date: Sun, 22 Sep 2024 14:20:22 +0200
|
|
|
|
|
Subject: [PATCH 4/6] all: rework formatting of ipsec.conf
|
|
|
|
@ -411,27 +376,24 @@ https://issues.redhat.com/browse/RHEL-59565
|
|
|
|
|
|
|
|
|
|
[lkundrak@v3.sk: Backported from 1.24.0]
|
|
|
|
|
---
|
|
|
|
|
properties/nm-libreswan-editor-plugin.c | 30 +-
|
|
|
|
|
shared/test-utils.c | 97 +----
|
|
|
|
|
shared/utils.c | 491 ++++++++++++++----------
|
|
|
|
|
shared/utils.h | 28 +-
|
|
|
|
|
src/nm-libreswan-service.c | 183 +++++----
|
|
|
|
|
5 files changed, 423 insertions(+), 406 deletions(-)
|
|
|
|
|
properties/nm-libreswan-editor-plugin.c | 29 +-
|
|
|
|
|
shared/test-utils.c | 99 ++----
|
|
|
|
|
shared/utils.c | 407 ++++++++++++++----------
|
|
|
|
|
shared/utils.h | 26 +-
|
|
|
|
|
src/nm-libreswan-service.c | 176 +++++-----
|
|
|
|
|
5 files changed, 375 insertions(+), 362 deletions(-)
|
|
|
|
|
|
|
|
|
|
diff --git a/properties/nm-libreswan-editor-plugin.c b/properties/nm-libreswan-editor-plugin.c
|
|
|
|
|
index fe473d1..9393212 100644
|
|
|
|
|
index d6b63f2..6f23936 100644
|
|
|
|
|
--- a/properties/nm-libreswan-editor-plugin.c
|
|
|
|
|
+++ b/properties/nm-libreswan-editor-plugin.c
|
|
|
|
|
@@ -286,19 +286,11 @@ export_to_file (NMVpnEditorPlugin *self,
|
|
|
|
|
@@ -266,38 +266,25 @@ export_to_file (NMVpnEditorPlugin *self,
|
|
|
|
|
{
|
|
|
|
|
NMSettingVpn *s_vpn;
|
|
|
|
|
gboolean openswan = FALSE;
|
|
|
|
|
- int fd, errsv;
|
|
|
|
|
gs_free_error GError *local = NULL;
|
|
|
|
|
+ gs_free char *ipsec_conf = NULL;
|
|
|
|
|
gboolean is_openswan;
|
|
|
|
|
int version;
|
|
|
|
|
|
|
|
|
|
-
|
|
|
|
|
- fd = g_open (path, O_WRONLY | O_CREAT, 0666);
|
|
|
|
|
- if (fd == -1) {
|
|
|
|
|
- errsv = errno;
|
|
|
|
@ -439,16 +401,13 @@ index fe473d1..9393212 100644
|
|
|
|
|
- _("Can’t open file “%s”: %s"), path, g_strerror (errsv));
|
|
|
|
|
- return FALSE;
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
+ gs_free char *ipsec_conf = NULL;
|
|
|
|
|
|
|
|
|
|
s_vpn = nm_connection_get_setting_vpn (connection);
|
|
|
|
|
if (s_vpn)
|
|
|
|
|
openswan = nm_streq (nm_setting_vpn_get_service_type (s_vpn), NM_VPN_SERVICE_TYPE_OPENSWAN);
|
|
|
|
|
@@ -306,24 +298,18 @@ export_to_file (NMVpnEditorPlugin *self,
|
|
|
|
|
nm_libreswan_detect_version (nm_libreswan_find_helper_bin ("ipsec", NULL),
|
|
|
|
|
&is_openswan, &version, NULL);
|
|
|
|
|
|
|
|
|
|
- if (!nm_libreswan_config_write (fd,
|
|
|
|
|
- version,
|
|
|
|
|
- connection,
|
|
|
|
|
- nm_connection_get_id (connection),
|
|
|
|
|
- NULL,
|
|
|
|
@ -457,7 +416,7 @@ index fe473d1..9393212 100644
|
|
|
|
|
- NULL,
|
|
|
|
|
- &local)) {
|
|
|
|
|
- g_close (fd, NULL);
|
|
|
|
|
+ ipsec_conf = nm_libreswan_get_ipsec_conf (version, s_vpn,
|
|
|
|
|
+ ipsec_conf = nm_libreswan_get_ipsec_conf (s_vpn,
|
|
|
|
|
+ nm_connection_get_id (connection),
|
|
|
|
|
+ NULL, openswan, TRUE, error);
|
|
|
|
|
+ if (ipsec_conf == NULL)
|
|
|
|
@ -476,7 +435,7 @@ index fe473d1..9393212 100644
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
diff --git a/shared/test-utils.c b/shared/test-utils.c
|
|
|
|
|
index 82ee933..49aa32a 100644
|
|
|
|
|
index 82ee933..965daef 100644
|
|
|
|
|
--- a/shared/test-utils.c
|
|
|
|
|
+++ b/shared/test-utils.c
|
|
|
|
|
@@ -2,117 +2,60 @@
|
|
|
|
@ -548,7 +507,7 @@ index 82ee933..49aa32a 100644
|
|
|
|
|
+ s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ());
|
|
|
|
|
nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "right", "11.12.13.14");
|
|
|
|
|
- str = _setting_into_ipsec_conf (s_vpn, "con_name", &error);
|
|
|
|
|
+ str = nm_libreswan_get_ipsec_conf (4, s_vpn, "con_name", NULL, FALSE, TRUE, &error);
|
|
|
|
|
+ str = nm_libreswan_get_ipsec_conf (s_vpn, "con_name", NULL, FALSE, TRUE, &error);
|
|
|
|
|
g_assert_no_error (error);
|
|
|
|
|
g_assert_cmpstr (str, ==,
|
|
|
|
|
"conn con_name\n"
|
|
|
|
@ -562,7 +521,8 @@ index 82ee933..49aa32a 100644
|
|
|
|
|
- " modecfgpull=yes\n"
|
|
|
|
|
" rightsubnet=0.0.0.0/0\n"
|
|
|
|
|
" leftxauthclient=yes\n"
|
|
|
|
|
" remote-peer-type=cisco\n"
|
|
|
|
|
- " remote-peer-type=cisco\n"
|
|
|
|
|
+ " remote_peer_type=cisco\n"
|
|
|
|
|
" rightxauthserver=yes\n"
|
|
|
|
|
" ikelifetime=24h\n"
|
|
|
|
|
" salifetime=24h\n"
|
|
|
|
@ -585,7 +545,7 @@ index 82ee933..49aa32a 100644
|
|
|
|
|
- str = _setting_into_ipsec_conf (s_vpn,
|
|
|
|
|
- "f0008435-07af-4836-a53d-b43e8730e68f",
|
|
|
|
|
- &error);
|
|
|
|
|
+ str = nm_libreswan_get_ipsec_conf (4, s_vpn,
|
|
|
|
|
+ str = nm_libreswan_get_ipsec_conf (s_vpn,
|
|
|
|
|
+ "f0008435-07af-4836-a53d-b43e8730e68f",
|
|
|
|
|
+ NULL, FALSE, TRUE, &error);
|
|
|
|
|
g_assert_no_error (error);
|
|
|
|
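Review bot: Both `nm_libreswan_get_ipsec_conf` calls visible in this test (here and in the earlier hunk) are followed by `g_assert_no_error (error)`, so only accepted input is exercised. The reworked writer can now fail through its `printable_val`/`string_val` helpers, and that rejection path is what keeps a bad data item out of the generated ipsec.conf. A case that sets a data item to a value those helpers are meant to refuse (what they refuse is not visible here) and then checks `g_assert_null (str);` and `g_assert_nonnull (error);` would pin that behaviour. Such a case may already exist outside the lines shown, since the test function starts and ends outside this hunk.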
@ -618,10 +578,10 @@ index 82ee933..49aa32a 100644
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
diff --git a/shared/utils.c b/shared/utils.c
|
|
|
|
|
index 65bc603..2482311 100644
|
|
|
|
|
index 36af877..7533f7f 100644
|
|
|
|
|
--- a/shared/utils.c
|
|
|
|
|
+++ b/shared/utils.c
|
|
|
|
|
@@ -30,82 +30,109 @@
|
|
|
|
|
@@ -30,81 +30,108 @@
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <errno.h>
|
|
|
|
|
|
|
|
|
@ -697,7 +657,6 @@ index 65bc603..2482311 100644
|
|
|
|
|
|
|
|
|
|
-gboolean
|
|
|
|
|
-nm_libreswan_config_write (gint fd,
|
|
|
|
|
- int ipsec_version,
|
|
|
|
|
- NMConnection *connection,
|
|
|
|
|
- const char *con_name,
|
|
|
|
|
- const char *leftupdown_script,
|
|
|
|
@ -774,8 +733,7 @@ index 65bc603..2482311 100644
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+char *
|
|
|
|
|
+nm_libreswan_get_ipsec_conf (int ipsec_version,
|
|
|
|
|
+ NMSettingVpn *s_vpn,
|
|
|
|
|
+nm_libreswan_get_ipsec_conf (NMSettingVpn *s_vpn,
|
|
|
|
|
+ const char *con_name,
|
|
|
|
|
+ const char *leftupdown_script,
|
|
|
|
|
+ gboolean openswan,
|
|
|
|
@ -792,8 +750,8 @@ index 65bc603..2482311 100644
|
|
|
|
|
+ const char *right;
|
|
|
|
|
const char *leftid;
|
|
|
|
|
const char *leftcert;
|
|
|
|
|
const char *rightcert;
|
|
|
|
|
@@ -116,129 +143,176 @@ nm_libreswan_config_write (gint fd,
|
|
|
|
|
const char *leftrsasigkey;
|
|
|
|
|
@@ -112,122 +139,158 @@ nm_libreswan_config_write (gint fd,
|
|
|
|
|
const char *remote_network;
|
|
|
|
|
const char *ikev2 = NULL;
|
|
|
|
|
const char *rightid;
|
|
|
|
@ -802,8 +760,6 @@ index 65bc603..2482311 100644
|
|
|
|
|
- const char *fragmentation;
|
|
|
|
|
- const char *mobike;
|
|
|
|
|
const char *pfs;
|
|
|
|
|
const char *client_family;
|
|
|
|
|
const char *item;
|
|
|
|
|
gboolean is_ikev2 = FALSE;
|
|
|
|
|
|
|
|
|
|
- g_return_val_if_fail (fd > 0, FALSE);
|
|
|
|
@ -889,41 +845,9 @@ index 65bc603..2482311 100644
|
|
|
|
|
+ }
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
- item = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_HOSTADDRFAMILY);
|
|
|
|
|
- if (item && strlen (item))
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " hostaddrfamily=%s", item);
|
|
|
|
|
+ if (!optional_printable (ipsec_conf, s_vpn, NM_LIBRESWAN_KEY_HOSTADDRFAMILY, error))
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
|
|
|
|
|
client_family = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_CLIENTADDRFAMILY);
|
|
|
|
|
- if (client_family && strlen (client_family))
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " clientaddrfamily=%s", client_family);
|
|
|
|
|
+ if (client_family && client_family[0] != '\0') {
|
|
|
|
|
+ g_string_append (ipsec_conf, " clientaddrfamily=");
|
|
|
|
|
+ if (!printable_val (ipsec_conf, client_family, error)) {
|
|
|
|
|
+ g_prefix_error (error, _("Invalid value for '%s': "),
|
|
|
|
|
+ NM_LIBRESWAN_KEY_CLIENTADDRFAMILY);
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
|
|
leftrsasigkey = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTRSASIGKEY);
|
|
|
|
|
rightrsasigkey = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_RIGHTRSASIGKEY);
|
|
|
|
|
leftcert = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTCERT);
|
|
|
|
|
rightcert = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_RIGHTCERT);
|
|
|
|
|
authby = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_AUTHBY);
|
|
|
|
|
- if (rightcert && strlen (rightcert)) {
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " rightcert=%s", rightcert);
|
|
|
|
|
+ if (rightcert && rightcert[0] != '\0') {
|
|
|
|
|
+ g_string_append (ipsec_conf, " rightcert=");
|
|
|
|
|
+ if (!string_val (ipsec_conf, rightcert, error)) {
|
|
|
|
|
+ g_prefix_error (error, _("Invalid value for '%s': "),
|
|
|
|
|
+ NM_LIBRESWAN_KEY_RIGHTCERT);
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
+ }
|
|
|
|
|
if (!rightrsasigkey)
|
|
|
|
|
rightrsasigkey = "%cert";
|
|
|
|
|
}
|
|
|
|
|
- if (leftcert && strlen (leftcert)) {
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " leftcert=%s", leftcert);
|
|
|
|
|
+ if (leftcert && leftcert[0] != '\0') {
|
|
|
|
@ -942,24 +866,17 @@ index 65bc603..2482311 100644
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " leftrsasigkey=%s", leftrsasigkey);
|
|
|
|
|
- if (rightrsasigkey && strlen (rightrsasigkey))
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " rightrsasigkey=%s", rightrsasigkey);
|
|
|
|
|
- if ( !(leftrsasigkey && strlen (leftrsasigkey))
|
|
|
|
|
- && !(rightrsasigkey && strlen (rightrsasigkey))) {
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " authby=secret");
|
|
|
|
|
+ if (!optional_string_val (ipsec_conf, NM_LIBRESWAN_KEY_LEFTRSASIGKEY, leftrsasigkey, error))
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
+ if (!optional_string_val (ipsec_conf, NM_LIBRESWAN_KEY_RIGHTRSASIGKEY, rightrsasigkey, error))
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
|
|
|
|
|
- if (authby && strlen (authby)) {
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " authby=%s", authby);
|
|
|
|
|
- } else if ( !(leftrsasigkey && strlen (leftrsasigkey))
|
|
|
|
|
- && !(rightrsasigkey && strlen (rightrsasigkey))) {
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " authby=secret");
|
|
|
|
|
+ if (authby == NULL || authby[0] == '\0') {
|
|
|
|
|
+ if ( !(leftrsasigkey && leftrsasigkey[0] != '\0')
|
|
|
|
|
+ && !(rightrsasigkey && rightrsasigkey[0] != '\0')) {
|
|
|
|
|
+ authby = "secret";
|
|
|
|
|
+ }
|
|
|
|
|
+ if ( !(leftrsasigkey && leftrsasigkey[0] != '\0')
|
|
|
|
|
+ && !(rightrsasigkey && rightrsasigkey[0] != '\0')) {
|
|
|
|
|
+ g_string_append (ipsec_conf, " authby=secret\n");
|
|
|
|
|
}
|
|
|
|
|
+ if (!optional_printable_val (ipsec_conf, NM_LIBRESWAN_KEY_AUTHBY, authby, error))
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
|
|
|
|
|
left = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFT);
|
|
|
|
|
- if (left && strlen (left))
|
|
|
|
@ -975,18 +892,11 @@ index 65bc603..2482311 100644
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
|
|
item = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTMODECFGCLIENT);
|
|
|
|
|
if (nm_streq0 (item, "no")) {
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " leftmodecfgclient=no");
|
|
|
|
|
+ g_string_append (ipsec_conf, " leftmodecfgclient=no\n");
|
|
|
|
|
} else {
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " leftmodecfgclient=yes");
|
|
|
|
|
+ g_string_append (ipsec_conf, " leftmodecfgclient=yes\n");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " leftmodecfgclient=yes");
|
|
|
|
|
- if (leftupdown_script)
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " leftupdown=%s", leftupdown_script);
|
|
|
|
|
-
|
|
|
|
|
+ g_string_append (ipsec_conf, " leftmodecfgclient=yes\n");
|
|
|
|
|
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " right=%s", nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_RIGHT));
|
|
|
|
|
rightid = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_RIGHTID);
|
|
|
|
|
- if (rightid && strlen (rightid)) {
|
|
|
|
@ -1010,47 +920,23 @@ index 65bc603..2482311 100644
|
|
|
|
|
}
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " rightmodecfgserver=yes");
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " modecfgpull=yes");
|
|
|
|
|
-
|
|
|
|
|
|
|
|
|
|
local_network = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LOCALNETWORK);
|
|
|
|
|
if (local_network) {
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " leftsubnet=%s", local_network);
|
|
|
|
|
+ g_string_append (ipsec_conf, " leftsubnet=");
|
|
|
|
|
+ if (!printable_val (ipsec_conf, local_network, error)) {
|
|
|
|
|
+ g_prefix_error (error, _("Invalid value for '%s': "),
|
|
|
|
|
+ NM_LIBRESWAN_KEY_LOCALNETWORK);
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
+ }
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
remote_network = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_REMOTENETWORK);
|
|
|
|
|
- if (!remote_network || !strlen (remote_network)) {
|
|
|
|
|
+ if (!remote_network || remote_network[0] == '\0') {
|
|
|
|
|
int addr_family = AF_UNSPEC;
|
|
|
|
|
|
|
|
|
|
/* Detect the address family of the remote subnet. We use in order:
|
|
|
|
|
@@ -259,43 +333,50 @@ nm_libreswan_config_write (gint fd,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (addr_family == AF_INET6) {
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " rightsubnet=::/0");
|
|
|
|
|
+ remote_network = "::/0";
|
|
|
|
|
} else {
|
|
|
|
|
/* For backwards compatibility, if we can't determine the family
|
|
|
|
|
* assume it's IPv4. Anyway, in the future we need to stop adding
|
|
|
|
|
* the option automatically. */
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " rightsubnet=0.0.0.0/0");
|
|
|
|
|
+ remote_network = "0.0.0.0/0";
|
|
|
|
|
}
|
|
|
|
|
- } else {
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " rightsubnet=%s", remote_network);
|
|
|
|
|
+ }
|
|
|
|
|
- remote_network = nm_setting_vpn_get_data_item (s_vpn,
|
|
|
|
|
- NM_LIBRESWAN_KEY_REMOTENETWORK);
|
|
|
|
|
- if (!remote_network || !strlen (remote_network))
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " rightsubnet=0.0.0.0/0");
|
|
|
|
|
- else
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " rightsubnet=%s",
|
|
|
|
|
- remote_network);
|
|
|
|
|
+ remote_network = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_REMOTENETWORK);
|
|
|
|
|
+ if (!remote_network || remote_network[0] == '\0')
|
|
|
|
|
+ remote_network = "0.0.0.0/0";
|
|
|
|
|
+ g_string_append (ipsec_conf, " rightsubnet=");
|
|
|
|
|
+ if (!printable_val (ipsec_conf, remote_network, error)) {
|
|
|
|
|
+ g_prefix_error (error, _("Invalid value for '%s': "),
|
|
|
|
|
+ NM_LIBRESWAN_KEY_REMOTENETWORK);
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
}
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
|
|
if (!is_ikev2) {
|
|
|
|
|
/* When IKEv1 is in place, we enforce XAUTH: so, use IKE version
|
|
|
|
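Review bot: The `leftsubnet` branch is still guarded by `if (local_network)` alone, so an empty NM_LIBRESWAN_KEY_LOCALNETWORK value gets ` leftsubnet=` appended before `printable_val` ever sees it. The `rightsubnet` code just below treats an empty string as unset. Unless `printable_val` (not shown here) rejects empty input, this writes a bare `leftsubnet=` line into the generated config; `if (local_network && local_network[0] != '\0') {` would match how the other keys are handled. The enclosing function starts and ends outside this hunk.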
@ -1061,39 +947,24 @@ index 65bc603..2482311 100644
|
|
|
|
|
|
|
|
|
|
- default_username = nm_setting_vpn_get_user_name (s_vpn);
|
|
|
|
|
- props_username = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTXAUTHUSER);
|
|
|
|
|
- if (!props_username)
|
|
|
|
|
- props_username = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTUSERNAME);
|
|
|
|
|
- if (props_username && strlen (props_username))
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error,
|
|
|
|
|
- ipsec_version >= 4 ? " leftusername=%s" : " leftxauthusername=%s",
|
|
|
|
|
- props_username);
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " leftxauthusername=%s", props_username);
|
|
|
|
|
- else if (default_username && strlen (default_username))
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error,
|
|
|
|
|
- ipsec_version >= 4 ? " leftusername=%s" : " leftxauthusername=%s",
|
|
|
|
|
- default_username);
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " leftxauthusername=%s", default_username);
|
|
|
|
|
+ username = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTXAUTHUSER);
|
|
|
|
|
+ if (username == NULL || username[0] == '\0')
|
|
|
|
|
+ username = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTUSERNAME);
|
|
|
|
|
+ if (username == NULL || username[0] == '\0')
|
|
|
|
|
+ username = nm_setting_vpn_get_user_name (s_vpn);
|
|
|
|
|
+ if (username != NULL && username[0] != '\0') {
|
|
|
|
|
+ g_string_append (ipsec_conf,
|
|
|
|
|
+ ipsec_version >= 4 ?
|
|
|
|
|
+ " leftusername=" :
|
|
|
|
|
+ " leftxauthusername=");
|
|
|
|
|
+ g_string_append (ipsec_conf, " leftxauthusername=");
|
|
|
|
|
+ if (!string_val (ipsec_conf, username, error)) {
|
|
|
|
|
+ g_prefix_error (error, _("Invalid username: "));
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error,
|
|
|
|
|
- ipsec_version >= 4 ? " remote-peer-type=cisco" : " remote_peer_type=cisco");
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " remote_peer_type=cisco");
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " rightxauthserver=yes");
|
|
|
|
|
+ g_string_append (ipsec_conf,
|
|
|
|
|
+ ipsec_version >= 4 ?
|
|
|
|
|
+ " remote-peer-type=cisco\n" :
|
|
|
|
|
+ " remote_peer_type=cisco\n");
|
|
|
|
|
+ g_string_append (ipsec_conf, " remote_peer_type=cisco\n");
|
|
|
|
|
+ g_string_append (ipsec_conf, " rightxauthserver=yes\n");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
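Review bot: The error paths here use `return FALSE;` (for example after `g_prefix_error (error, _("Invalid username: "))`), but these lines appear to belong to `nm_libreswan_get_ipsec_conf`, which the patch declares as returning `char *`. It compiles because FALSE is 0, yet the editor plugin tests the result with `ipsec_conf == NULL`, so `return NULL;` states the failure contract directly. The same applies to the other `return FALSE;` lines this patch adds in shared/utils.c. The function signature is outside this hunk, so confirm against the full file.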
@ -1102,7 +973,7 @@ index 65bc603..2482311 100644
|
|
|
|
|
/* When the crypto is unspecified, let Libreswan use many sets of crypto
|
|
|
|
|
* proposals (just leave the property unset). An exception should be made
|
|
|
|
|
* for IKEv1 connections in aggressive mode: there the DH group in the crypto
|
|
|
|
|
@@ -304,84 +385,80 @@ nm_libreswan_config_write (gint fd,
|
|
|
|
|
@@ -236,62 +299,70 @@ nm_libreswan_config_write (gint fd,
|
|
|
|
|
* force the best proposal that should be accepted by all obsolete VPN SW/HW
|
|
|
|
|
* acting as a remote access VPN server.
|
|
|
|
|
*/
|
|
|
|
@ -1191,16 +1062,8 @@ index 65bc603..2482311 100644
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
+ if (!optional_printable (ipsec_conf, s_vpn, NM_LIBRESWAN_KEY_MOBIKE, error))
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
+ if (!optional_printable (ipsec_conf, s_vpn, NM_LIBRESWAN_KEY_DPDDELAY, error))
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
+ if (!optional_printable (ipsec_conf, s_vpn, NM_LIBRESWAN_KEY_DPDTIMEOUT, error))
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
+ if (!optional_printable (ipsec_conf, s_vpn, NM_LIBRESWAN_KEY_DPDACTION, error))
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
+ if (!optional_printable (ipsec_conf, s_vpn, NM_LIBRESWAN_KEY_IPSEC_INTERFACE, error))
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
+ if (!optional_printable (ipsec_conf, s_vpn, NM_LIBRESWAN_KEY_TYPE, error))
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
|
|
|
|
|
- narrowing = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_NARROWING);
|
|
|
|
|
- if (narrowing && strlen (narrowing))
|
|
|
|
@ -1218,26 +1081,6 @@ index 65bc603..2482311 100644
|
|
|
|
|
- if (mobike && strlen (mobike))
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " mobike=%s", mobike);
|
|
|
|
|
-
|
|
|
|
|
- item = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_DPDDELAY);
|
|
|
|
|
- if (item && strlen (item))
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " dpddelay=%s", item);
|
|
|
|
|
-
|
|
|
|
|
- item = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_DPDTIMEOUT);
|
|
|
|
|
- if (item && strlen (item))
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " dpdtimeout=%s", item);
|
|
|
|
|
-
|
|
|
|
|
- item = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_DPDACTION);
|
|
|
|
|
- if (item && strlen (item))
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " dpdaction=%s", item);
|
|
|
|
|
-
|
|
|
|
|
- item = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_IPSEC_INTERFACE);
|
|
|
|
|
- if (item && strlen (item))
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " ipsec-interface=%s", item);
|
|
|
|
|
-
|
|
|
|
|
- item = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_TYPE);
|
|
|
|
|
- if (item && strlen (item))
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " type=%s", item);
|
|
|
|
|
-
|
|
|
|
|
- WRITE_CHECK (fd, debug_write_fcn, error, " nm-configured=yes");
|
|
|
|
|
-
|
|
|
|
|
- WRITE_CHECK_NEWLINE (fd, trailing_newline, debug_write_fcn, error, " auto=add");
|
|
|
|
@ -1245,13 +1088,11 @@ index 65bc603..2482311 100644
|
|
|
|
|
- return TRUE;
|
|
|
|
|
+ return g_string_free (g_steal_pointer (&ipsec_conf), FALSE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static const char *
|
|
|
|
|
diff --git a/shared/utils.h b/shared/utils.h
|
|
|
|
|
index 7e89841..2e2450c 100644
|
|
|
|
|
index b5d8f53..839c03a 100644
|
|
|
|
|
--- a/shared/utils.h
|
|
|
|
|
+++ b/shared/utils.h
|
|
|
|
|
@@ -24,27 +24,13 @@
|
|
|
|
|
@@ -24,26 +24,12 @@
|
|
|
|
|
#ifndef __UTILS_H__
|
|
|
|
|
#define __UTILS_H__
|
|
|
|
|
|
|
|
|
@ -1268,7 +1109,6 @@ index 7e89841..2e2450c 100644
|
|
|
|
|
-
|
|
|
|
|
-gboolean
|
|
|
|
|
-nm_libreswan_config_write (gint fd,
|
|
|
|
|
- int ipsec_version,
|
|
|
|
|
- NMConnection *connection,
|
|
|
|
|
- const char *con_name,
|
|
|
|
|
- const char *leftupdown_script,
|
|
|
|
@ -1276,8 +1116,7 @@ index 7e89841..2e2450c 100644
|
|
|
|
|
- gboolean trailing_newline,
|
|
|
|
|
- NMDebugWriteFcn debug_write_fcn,
|
|
|
|
|
- GError **error);
|
|
|
|
|
+char *nm_libreswan_get_ipsec_conf (int ipsec_version,
|
|
|
|
|
+ NMSettingVpn *s_vpn,
|
|
|
|
|
+char *nm_libreswan_get_ipsec_conf (NMSettingVpn *s_vpn,
|
|
|
|
|
+ const char *con_name,
|
|
|
|
|
+ const char *leftupdown_script,
|
|
|
|
|
+ gboolean openswan,
|
|
|
|
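Review bot: The new prototype for `nm_libreswan_get_ipsec_conf` has no comment on ownership or on how failure is reported. The implementation ends with `g_string_free (g_steal_pointer (&ipsec_conf), FALSE)`, and the editor plugin holds the result in a `gs_free char *` and compares it with NULL. A line such as `/* Returns a newly allocated string (free with g_free()), or NULL with @error set. */` above the declaration would record that for other callers. The parameter list continues outside this hunk.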
@ -1287,10 +1126,10 @@ index 7e89841..2e2450c 100644
|
|
|
|
|
static inline gboolean
|
|
|
|
|
nm_libreswan_utils_setting_is_ikev2 (NMSettingVpn *s_vpn, const char **out_ikev2)
|
|
|
|
|
diff --git a/src/nm-libreswan-service.c b/src/nm-libreswan-service.c
|
|
|
|
|
index e5956af..35f602c 100644
|
|
|
|
|
index e69deb8..24108f6 100644
|
|
|
|
|
--- a/src/nm-libreswan-service.c
|
|
|
|
|
+++ b/src/nm-libreswan-service.c
|
|
|
|
|
@@ -101,12 +101,13 @@ typedef struct {
|
|
|
|
|
@@ -103,6 +103,8 @@ typedef struct {
|
|
|
|
|
const char *whack_path;
|
|
|
|
|
char *secrets_path;
|
|
|
|
|
|
|
|
|
@ -1299,13 +1138,7 @@ index e5956af..35f602c 100644
|
|
|
|
|
gboolean openswan;
|
|
|
|
|
gboolean interactive;
|
|
|
|
|
gboolean pending_auth;
|
|
|
|
|
gboolean managed;
|
|
|
|
|
gboolean xauth_enabled;
|
|
|
|
|
- int version;
|
|
|
|
|
|
|
|
|
|
GPid pid;
|
|
|
|
|
guint watch_id;
|
|
|
|
|
@@ -152,12 +153,6 @@ _LOGD_enabled (void)
|
|
|
|
|
@@ -153,12 +155,6 @@ _LOGD_enabled (void)
|
|
|
|
|
#define _LOGW(...) _NMLOG(LOG_WARNING, __VA_ARGS__)
|
|
|
|
|
#define _LOGE(...) _NMLOG(LOG_EMERG, __VA_ARGS__)
|
|
|
|
|
|
|
|
|
@ -1317,8 +1150,8 @@ index e5956af..35f602c 100644
|
|
|
|
|
-
|
|
|
|
|
/****************************************************************/
|
|
|
|
|
|
|
|
|
|
static gboolean pr_cb (GIOChannel *source, GIOCondition condition, gpointer user_data);
|
|
|
|
|
@@ -666,9 +661,9 @@ nm_libreswan_config_psk_write (NMSettingVpn *s_vpn,
|
|
|
|
|
guint32
|
|
|
|
|
@@ -726,9 +722,9 @@ nm_libreswan_config_psk_write (NMSettingVpn *s_vpn,
|
|
|
|
|
GError **error)
|
|
|
|
|
{
|
|
|
|
|
const char *pw_type, *psk, *leftid, *right;
|
|
|
|
@ -1331,7 +1164,7 @@ index e5956af..35f602c 100644
|
|
|
|
|
|
|
|
|
|
/* Check for ignored group password */
|
|
|
|
|
pw_type = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_PSK_INPUT_MODES);
|
|
|
|
|
@@ -679,47 +674,32 @@ nm_libreswan_config_psk_write (NMSettingVpn *s_vpn,
|
|
|
|
|
@@ -739,47 +735,32 @@ nm_libreswan_config_psk_write (NMSettingVpn *s_vpn,
|
|
|
|
|
if (!psk)
|
|
|
|
|
return TRUE;
|
|
|
|
|
|
|
|
|
@ -1399,7 +1232,7 @@ index e5956af..35f602c 100644
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/****************************************************************/
|
|
|
|
|
@@ -1766,6 +1746,44 @@ done:
|
|
|
|
|
@@ -1547,6 +1528,44 @@ done:
|
|
|
|
|
return success ? G_SOURCE_CONTINUE : G_SOURCE_REMOVE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -1444,7 +1277,7 @@ index e5956af..35f602c 100644
|
|
|
|
|
static gboolean
|
|
|
|
|
connect_step (NMLibreswanPlugin *self, GError **error)
|
|
|
|
|
{
|
|
|
|
|
@@ -1848,37 +1866,12 @@ connect_step (NMLibreswanPlugin *self, GError **error)
|
|
|
|
|
@@ -1629,36 +1648,12 @@ connect_step (NMLibreswanPlugin *self, GError **error)
|
|
|
|
|
return TRUE;
|
|
|
|
|
|
|
|
|
|
case CONNECT_STEP_CONFIG_ADD: {
|
|
|
|
@ -1471,7 +1304,6 @@ index e5956af..35f602c 100644
|
|
|
|
|
- bus_name);
|
|
|
|
|
-
|
|
|
|
|
- if (!nm_libreswan_config_write (fd,
|
|
|
|
|
- priv->version,
|
|
|
|
|
- priv->connection,
|
|
|
|
|
- uuid,
|
|
|
|
|
- ifupdown_script,
|
|
|
|
@ -1483,14 +1315,14 @@ index e5956af..35f602c 100644
|
|
|
|
|
g_close (fd, NULL);
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
@@ -1928,19 +1921,31 @@ _connect_common (NMVpnServicePlugin *plugin,
|
|
|
|
|
@@ -1721,12 +1716,24 @@ _connect_common (NMVpnServicePlugin *plugin,
|
|
|
|
|
NMLibreswanPluginPrivate *priv = NM_LIBRESWAN_PLUGIN_GET_PRIVATE (self);
|
|
|
|
|
NMSettingVpn *s_vpn;
|
|
|
|
|
const char *con_name = nm_connection_get_uuid (connection);
|
|
|
|
|
gs_free char *ipsec_banner = NULL;
|
|
|
|
|
+ gs_free char *ipsec_banner = NULL;
|
|
|
|
|
+ gs_free char *ifupdown_script = NULL;
|
|
|
|
|
+ gs_free char *bus_name = NULL;
|
|
|
|
|
+ gboolean trailing_newline;
|
|
|
|
|
+ int version;
|
|
|
|
|
|
|
|
|
|
if (_LOGD_enabled ()) {
|
|
|
|
|
_LOGD ("connection:");
|
|
|
|
@ -1505,19 +1337,10 @@ index e5956af..35f602c 100644
|
|
|
|
|
+ return FALSE;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
priv->ipsec_path = nm_libreswan_find_helper_bin ("ipsec", error);
|
|
|
|
|
priv->ipsec_path = find_helper_bin ("ipsec", error);
|
|
|
|
|
if (!priv->ipsec_path)
|
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
|
|
- nm_libreswan_detect_version (priv->ipsec_path, &priv->openswan, &priv->version, &ipsec_banner);
|
|
|
|
|
+ nm_libreswan_detect_version (priv->ipsec_path, &priv->openswan, &version, &ipsec_banner);
|
|
|
|
|
_LOGD ("ipsec: version banner: %s", ipsec_banner);
|
|
|
|
|
- _LOGD ("ipsec: detected version %d (%s)", priv->version, priv->openswan ? "Openswan" : "Libreswan");
|
|
|
|
|
+ _LOGD ("ipsec: detected version %d (%s)", version, priv->openswan ? "Openswan" : "Libreswan");
|
|
|
|
|
|
|
|
|
|
if (!priv->openswan) {
|
|
|
|
|
priv->pluto_path = nm_libreswan_find_helper_libexec ("pluto", error);
|
|
|
|
|
@@ -1960,13 +1965,31 @@ _connect_common (NMVpnServicePlugin *plugin,
|
|
|
|
|
@@ -1750,13 +1757,30 @@ _connect_common (NMVpnServicePlugin *plugin,
|
|
|
|
|
if (!nm_libreswan_secrets_validate (s_vpn, error))
|
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
|
@ -1542,8 +1365,7 @@ index e5956af..35f602c 100644
|
|
|
|
|
+
|
|
|
|
|
+ /* Compose the ipsec.conf early, to catch configuration errors before
|
|
|
|
|
+ * we initiate the conneciton. */
|
|
|
|
|
+ priv->ipsec_conf = nm_libreswan_get_ipsec_conf (version,
|
|
|
|
|
+ s_vpn,
|
|
|
|
|
+ priv->ipsec_conf = nm_libreswan_get_ipsec_conf (s_vpn,
|
|
|
|
|
+ con_name,
|
|
|
|
|
+ ifupdown_script,
|
|
|
|
|
+ priv->openswan,
|
|
|
|
@ -1555,7 +1377,7 @@ index e5956af..35f602c 100644
|
|
|
|
|
|
|
|
|
|
/* XAUTH is not part of the IKEv2 standard and we always enforce it in IKEv1 */
|
|
|
|
|
priv->xauth_enabled = !nm_libreswan_utils_setting_is_ikev2 (s_vpn, NULL);
|
|
|
|
|
@@ -2141,6 +2164,7 @@ real_disconnect (NMVpnServicePlugin *plugin, GError **error)
|
|
|
|
|
@@ -1928,6 +1952,7 @@ real_disconnect (NMVpnServicePlugin *plugin, GError **error)
|
|
|
|
|
priv->watch_id = g_child_watch_add (priv->pid, child_watch_cb, plugin);
|
|
|
|
|
|
|
|
|
|
g_clear_object (&priv->connection);
|
|
|
|
@ -1563,7 +1385,7 @@ index e5956af..35f602c 100644
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
@@ -2173,6 +2197,7 @@ finalize (GObject *object)
|
|
|
|
|
@@ -1960,6 +1985,7 @@ finalize (GObject *object)
|
|
|
|
|
{
|
|
|
|
|
NMLibreswanPluginPrivate *priv = NM_LIBRESWAN_PLUGIN_GET_PRIVATE (object);
|
|
|
|
|
|
|
|
|
@ -1574,7 +1396,7 @@ index e5956af..35f602c 100644
|
|
|
|
|
--
|
|
|
|
|
2.46.0
|
|
|
|
|
|
|
|
|
|
From 8cbc188222d6a3dcff7ed937d44415f75e34b503 Mon Sep 17 00:00:00 2001
|
|
|
|
|
From b3ab419db37186d2e888cfe1d91ca0a82c0be884 Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: Lubomir Rintel <lkundrak@v3.sk>
|
|
|
|
|
Date: Tue, 24 Sep 2024 10:55:02 +0200
|
|
|
|
|
Subject: [PATCH 6/6] shared/test-utils: add more test cases
|
|
|
|
@ -1583,11 +1405,11 @@ Test ipsec.conf formatting more thoroughly, include negative cases.
|
|
|
|
|
|
|
|
|
|
[lkundrak@v3.sk: Backported from 1.24.0]
|
|
|
|
|
---
|
|
|
|
|
shared/test-utils.c | 82 +++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
|
1 file changed, 82 insertions(+)
|
|
|
|
|
shared/test-utils.c | 81 +++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
|
1 file changed, 81 insertions(+)
|
|
|
|
|
|
|
|
|
|
diff --git a/shared/test-utils.c b/shared/test-utils.c
|
|
|
|
|
index 49aa32a..0a92d2b 100644
|
|
|
|
|
index 965daef..35d9a76 100644
|
|
|
|
|
--- a/shared/test-utils.c
|
|
|
|
|
+++ b/shared/test-utils.c
|
|
|
|
|
@@ -2,6 +2,8 @@
|
|
|
|
@ -1599,7 +1421,7 @@ index 49aa32a..0a92d2b 100644
|
|
|
|
|
static void
|
|
|
|
|
test_config_write (void)
|
|
|
|
|
{
|
|
|
|
|
@@ -57,6 +59,86 @@ test_config_write (void)
|
|
|
|
|
@@ -57,6 +59,85 @@ test_config_write (void)
|
|
|
|
|
" rightmodecfgserver=yes\n"
|
|
|
|
|
" modecfgpull=yes\n");
|
|
|
|
|
g_free (str);
|
|
|
|
@ -1609,7 +1431,7 @@ index 49aa32a..0a92d2b 100644
|
|
|
|
|
+ nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "leftrsasigkey", "hello");
|
|
|
|
|
+ nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "rightrsasigkey", "world");
|
|
|
|
|
+ nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "right", "11.12.13.14");
|
|
|
|
|
+ str = nm_libreswan_get_ipsec_conf (4, s_vpn, "conn", NULL, FALSE, TRUE, &error);
|
|
|
|
|
+ str = nm_libreswan_get_ipsec_conf (s_vpn, "conn", NULL, FALSE, TRUE, &error);
|
|
|
|
|
+ g_assert_no_error (error);
|
|
|
|
|
+ g_assert_cmpstr (str, ==,
|
|
|
|
|
+ "conn conn\n"
|
|
|
|
@ -1626,10 +1448,9 @@ index 49aa32a..0a92d2b 100644
|
|
|
|
|
+ " modecfgpull=yes\n");
|
|
|
|
|
+ g_free (str);
|
|
|
|
|
+
|
|
|
|
|
+
|
|
|
|
|
+ s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ());
|
|
|
|
|
+ nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "right", "11.12.13.14");
|
|
|
|
|
+ str = nm_libreswan_get_ipsec_conf (3, s_vpn,
|
|
|
|
|
+ str = nm_libreswan_get_ipsec_conf (s_vpn,
|
|
|
|
|
+ "my_con",
|
|
|
|
|
+ "/foo/bar/ifupdown hello 123 456",
|
|
|
|
|
+ TRUE, FALSE, &error);
|
|
|
|
@ -1657,7 +1478,7 @@ index 49aa32a..0a92d2b 100644
|
|
|
|
|
+ g_free (str);
|
|
|
|
|
+
|
|
|
|
|
+ s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ());
|
|
|
|
|
+ str = nm_libreswan_get_ipsec_conf (4, s_vpn, "conn", NULL, FALSE, TRUE, &error);
|
|
|
|
|
+ str = nm_libreswan_get_ipsec_conf (s_vpn, "conn", NULL, FALSE, TRUE, &error);
|
|
|
|
|
+ g_assert_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_INVALID_ARGUMENT);
|
|
|
|
|
+ g_assert_null (str);
|
|
|
|
|
+ g_clear_error (&error);
|
|
|
|
@ -1665,21 +1486,21 @@ index 49aa32a..0a92d2b 100644
|
|
|
|
|
+ s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ());
|
|
|
|
|
+ nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "right", "11.12.13.14");
|
|
|
|
|
+ nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "ikev2", "hello world");
|
|
|
|
|
+ str = nm_libreswan_get_ipsec_conf (4, s_vpn, "conn", NULL, FALSE, TRUE, &error);
|
|
|
|
|
+ str = nm_libreswan_get_ipsec_conf (s_vpn, "conn", NULL, FALSE, TRUE, &error);
|
|
|
|
|
+ g_assert_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_INVALID_ARGUMENT);
|
|
|
|
|
+ g_assert_null (str);
|
|
|
|
|
+ g_clear_error (&error);
|
|
|
|
|
+
|
|
|
|
|
+ s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ());
|
|
|
|
|
+ nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "right", "11.12\n13.14");
|
|
|
|
|
+ str = nm_libreswan_get_ipsec_conf (4, s_vpn, "conn", NULL, FALSE, TRUE, &error);
|
|
|
|
|
+ str = nm_libreswan_get_ipsec_conf (s_vpn, "conn", NULL, FALSE, TRUE, &error);
|
|
|
|
|
+ g_assert_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_INVALID_ARGUMENT);
|
|
|
|
|
+ g_assert_null (str);
|
|
|
|
|
+ g_clear_error (&error);
|
|
|
|
|
+
|
|
|
|
|
+ s_vpn = NM_SETTING_VPN (nm_setting_vpn_new ());
|
|
|
|
|
+ nm_setting_vpn_add_data_item (NM_SETTING_VPN(s_vpn), "rightcert", "\"cert\"");
|
|
|
|
|
+ str = nm_libreswan_get_ipsec_conf (4, s_vpn, "conn", NULL, FALSE, TRUE, &error);
|
|
|
|
|
+ str = nm_libreswan_get_ipsec_conf (s_vpn, "conn", NULL, FALSE, TRUE, &error);
|
|
|
|
|
+ g_assert_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_INVALID_ARGUMENT);
|
|
|
|
|
+ g_assert_null (str);
|
|
|
|
|
+ g_clear_error (&error);
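Review bot: The negative cases in test_config_write carry no comment saying what they protect, yet they are the only checks visible here on value sanitising for the generated ipsec.conf: a `right` value containing `\n` and a `rightcert` value wrapped in quotes must both fail with NM_UTILS_ERROR_INVALID_ARGUMENT and a NULL result. A one-line comment before each would stop a later refactor from dropping them unnoticed, for example `/* a value with an embedded newline must be rejected, not written out as a second config line */` and `/* quote characters in a value are rejected */`; that intent is inferred from the test data, so confirm it against nm_libreswan_get_ipsec_conf. Separately, each case assigns a fresh `nm_setting_vpn_new ()` to `s_vpn` without releasing the previous object, so the earlier settings objects leak; `g_object_unref (s_vpn);` after each `g_clear_error (&error);` would keep the test clean under a leak checker. test_config_write begins and ends outside this hunk.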
|