rpms
/
NetworkManager-libreswan
21
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2b10e21766'
${ noResults }
NetworkManager-libreswan/SOURCES/0001-service-properties-add...

80 lines
3.8 KiB
Raw Blame History

From 0f0b2d375901e302e8a619e3911321f511b52885 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Tue, 9 Jan 2024 23:30:42 +0100
Subject: [PATCH 1/5] service,properties: add support for leftmodecfgclient
Previously the plugin always set leftmodecfgclient=yes, which is used
for roaming clients to obtain a dynamic IP. In a server-to-server
scenario we don't want that option; allow omitting it by passing
leftmodecfgclient=no. It's somehow confusing that the new option has
the opposite default value than Libreswan, but that's the only way to
keep backwards compatibility for existing configurations.
---
properties/nm-libreswan-dialog.ui | 26 +++++++++++++++++++++++++
properties/nm-libreswan-editor-plugin.c | 2 ++
properties/nm-libreswan-editor.c | 9 +++++++++
shared/nm-service-defines.h | 1 +
shared/utils.c | 8 +++++++-
src/nm-libreswan-service.c | 1 +
6 files changed, 46 insertions(+), 1 deletion(-)
diff --git a/properties/nm-libreswan-editor-plugin.c b/properties/nm-libreswan-editor-plugin.c
index b5c0d9e..89243cc 100644
--- a/properties/nm-libreswan-editor-plugin.c
+++ b/properties/nm-libreswan-editor-plugin.c
@@ -182,6 +182,8 @@ import_from_file (NMVpnEditorPlugin *self,
nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTUSERNAME, &str[13]);
else if (g_str_has_prefix (str, "leftcert="))
nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTCERT, &str[9]);
+ else if (nm_streq0 (str, "leftmodecfgclient=no"))
+ nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTMODECFGCLIENT, "no");
else if (g_str_has_prefix (str, "pfs=no"))
nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_PFS, "no");
else if (g_str_has_prefix (str, "cisco-unity=yes"))
diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h
index 3fdf2ef..14170ad 100644
--- a/shared/nm-service-defines.h
+++ b/shared/nm-service-defines.h
@@ -41,6 +41,7 @@
#define NM_LIBRESWAN_KEY_LEFTID "leftid"
#define NM_LIBRESWAN_KEY_LEFTRSASIGKEY "leftrsasigkey"
#define NM_LIBRESWAN_KEY_LEFTCERT "leftcert"
+#define NM_LIBRESWAN_KEY_LEFTMODECFGCLIENT "leftmodecfgclient"
#define NM_LIBRESWAN_KEY_AUTHBY "authby"
#define NM_LIBRESWAN_KEY_PSK_VALUE "pskvalue"
#define NM_LIBRESWAN_KEY_PSK_INPUT_MODES "pskinputmodes"
diff --git a/shared/utils.c b/shared/utils.c
index cbc117c..0bac9e6 100644
--- a/shared/utils.c
+++ b/shared/utils.c
@@ -191,7 +191,13 @@ nm_libreswan_config_write (gint fd,
else
WRITE_CHECK (fd, debug_write_fcn, error, " left=%%defaultroute");
- WRITE_CHECK (fd, debug_write_fcn, error, " leftmodecfgclient=yes");
+ item = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTMODECFGCLIENT);
+ if (nm_streq0 (item, "no")) {
+ WRITE_CHECK (fd, debug_write_fcn, error, " leftmodecfgclient=no");
+ } else {
+ WRITE_CHECK (fd, debug_write_fcn, error, " leftmodecfgclient=yes");
+ }
+
if (leftupdown_script)
WRITE_CHECK (fd, debug_write_fcn, error, " leftupdown=%s", leftupdown_script);
diff --git a/src/nm-libreswan-service.c b/src/nm-libreswan-service.c
index fc470a6..874f767 100644
--- a/src/nm-libreswan-service.c
+++ b/src/nm-libreswan-service.c
@@ -256,6 +256,7 @@ static ValidProperty valid_properties[] = {
{ NM_LIBRESWAN_KEY_LEFTUSERNAME, G_TYPE_STRING, 0, 0 },
{ NM_LIBRESWAN_KEY_LEFTRSASIGKEY, G_TYPE_STRING, 0, 0 },
{ NM_LIBRESWAN_KEY_LEFTCERT, G_TYPE_STRING, 0, 0 },
+ { NM_LIBRESWAN_KEY_LEFTMODECFGCLIENT, G_TYPE_STRING, 0, 0 },
{ NM_LIBRESWAN_KEY_AUTHBY, G_TYPE_STRING, 0, 0 },
{ NM_LIBRESWAN_KEY_DOMAIN, G_TYPE_STRING, 0, 0 },
{ NM_LIBRESWAN_KEY_DHGROUP, G_TYPE_STRING, 0, 0 },
--
2.43.0
Reference in new issue View Git Blame Copy Permalink