[network-manager-openswan/dcbw/cleanups: 11/17] core: use different name for each connection
- From: Dan Williams <dcbw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [network-manager-openswan/dcbw/cleanups: 11/17] core: use different name for each connection
- Date: Thu, 7 Aug 2014 22:52:07 +0000 (UTC)
commit 9dfe91fa9cafa181d62e8e85ad0cb215cb2e1810
Author: Dan Williams <dcbw redhat com>
Date: Thu Aug 7 10:36:45 2014 -0500
core: use different name for each connection
Instead of everything being named 'nm-conn1' use a different name
for each connection based on the UUID.
src/nm-openswan-service.c | 126 ++++++++++++++++++++++++++++----------------
1 files changed, 80 insertions(+), 46 deletions(-)
---
diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c
index e65f3b6..b051743 100644
--- a/src/nm-openswan-service.c
+++ b/src/nm-openswan-service.c
@@ -49,6 +49,7 @@ G_DEFINE_TYPE (NMOPENSWANPlugin, nm_openswan_plugin, NM_TYPE_VPN_PLUGIN)
typedef struct {
GPid pid;
+ char *secrets_path;
} NMOPENSWANPluginPrivate;
#define NM_OPENSWAN_PLUGIN_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), NM_TYPE_OPENSWAN_PLUGIN,
NMOPENSWANPluginPrivate))
@@ -280,7 +281,9 @@ pluto_watch_cb (GPid pid, gint status, gpointer user_data)
}
static gint
-nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error)
+nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin,
+ const char *uuid,
+ GError **error)
{
GPid pid, pid_auto;
const char *ipsec_binary;
@@ -318,7 +321,7 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error)
g_ptr_array_add (openswan_argv, (gpointer) "--add");
g_ptr_array_add (openswan_argv, (gpointer) "--config");
g_ptr_array_add (openswan_argv, (gpointer) "-");
- g_ptr_array_add (openswan_argv, (gpointer) "nm-conn1");
+ g_ptr_array_add (openswan_argv, (gpointer) uuid);
g_ptr_array_add (openswan_argv, NULL);
if (!g_spawn_async_with_pipes (NULL, (char **) openswan_argv->pdata, NULL,
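Review bot: `uuid` is appended to the argv with no check in this function, and a NULL value would end the argument vector early, so `ipsec auto --add --config -` would run without a connection name. The value comes from `nm_connection_get_uuid ()` in real_connect and is presumably a well-formed UUID, but nothing visible here enforces that. The same string is reused for `--up` in nm_openswan_start_openswan_connection, in the `conn %s\n` line of nm_openswan_config_write and in the secrets file path in real_connect, where a newline or `/` would change the meaning of the config or the path. I would validate it once at the top of real_connect (non-NULL, non-empty, only hex digits and dashes) and set `error` on failure before any of these uses. The function body starts and ends outside this hunk.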
@@ -339,7 +342,9 @@ nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error)
}
static gint
-nm_openswan_start_openswan_connection (NMOPENSWANPlugin *plugin, GError **error)
+nm_openswan_start_openswan_connection (NMOPENSWANPlugin *plugin,
+ const char *uuid,
+ GError **error)
{
GPid pid;
const char *ipsec_binary;
@@ -354,7 +359,7 @@ nm_openswan_start_openswan_connection (NMOPENSWANPlugin *plugin, GError **error)
g_ptr_array_add (openswan_argv, (gpointer) ipsec_binary);
g_ptr_array_add (openswan_argv, (gpointer) "auto");
g_ptr_array_add (openswan_argv, (gpointer) "--up");
- g_ptr_array_add (openswan_argv, (gpointer) "nm-conn1");
+ g_ptr_array_add (openswan_argv, (gpointer) uuid);
g_ptr_array_add (openswan_argv, NULL);
if (!g_spawn_async_with_pipes (NULL, (char **) openswan_argv->pdata, NULL,
@@ -394,7 +399,10 @@ write_config_option (int fd, const char *format, ...)
}
static gboolean
-nm_openswan_config_write (gint fd, NMSettingVPN *s_vpn, GError **error)
+nm_openswan_config_write (gint fd,
+ const char *uuid,
+ NMSettingVPN *s_vpn,
+ GError **error)
{
const char *props_username;
const char *default_username;
@@ -403,7 +411,7 @@ nm_openswan_config_write (gint fd, NMSettingVPN *s_vpn, GError **error)
g_assert (fd >= 0);
- write_config_option (fd, "conn nm-conn1\n");
+ write_config_option (fd, "conn %s\n", uuid);
write_config_option (fd, " aggrmode=yes\n");
write_config_option (fd, " authby=secret\n");
write_config_option (fd, " left=%%defaultroute\n");
@@ -447,7 +455,9 @@ nm_openswan_config_write (gint fd, NMSettingVPN *s_vpn, GError **error)
}
static gboolean
-nm_openswan_config_psk_write (NMSettingVPN *s_vpn, GError **error)
+nm_openswan_config_psk_write (NMSettingVPN *s_vpn,
+ const char *secrets_path,
+ GError **error)
{
const char *pw_type, *psk, *leftid;
int fd;
@@ -462,12 +472,14 @@ nm_openswan_config_psk_write (NMSettingVPN *s_vpn, GError **error)
return TRUE;
/* Write the PSK */
- fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
+ errno = 0;
+ fd = open (secrets_path, O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
if (fd < 0) {
- g_set_error_literal (error,
- NM_VPN_PLUGIN_ERROR,
- NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
- "Failed to open secrets file.");
+ g_set_error (error,
+ NM_VPN_PLUGIN_ERROR,
+ NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
+ "Failed to open secrets file: (%d) %s.",
+ errno, g_strerror (errno));
return FALSE;
}
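Review bot: The `open ()` call keeps `O_CREAT|O_TRUNC` without `O_EXCL` or `O_NOFOLLOW`, so when something already exists at `secrets_path` the `S_IRUSR|S_IWUSR` mode is not applied and the PSK is written with whatever permissions (or into whatever symlink target) is already there. Since the path now varies per connection and a file could be left behind if the plugin exits without running the cleanup, I would unlink first and create with `O_WRONLY|O_CREAT|O_EXCL|O_NOFOLLOW`, or at least call `fchmod (fd, S_IRUSR|S_IWUSR)` after opening. Separately, `errno` is read twice in the `g_set_error ()` arguments; saving it with `int errsv = errno;` right after `open ()` keeps the number and the message consistent. The function body continues outside the hunk.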
@@ -479,58 +491,70 @@ nm_openswan_config_psk_write (NMSettingVPN *s_vpn, GError **error)
return TRUE;
}
+static void
+delete_secrets_file (NMOPENSWANPlugin *self)
+{
+ NMOPENSWANPluginPrivate *priv = NM_OPENSWAN_PLUGIN_GET_PRIVATE (self);
+
+ if (priv->secrets_path) {
+ unlink (priv->secrets_path);
+ g_clear_pointer (&priv->secrets_path, g_free);
+ }
+}
+
+
static gboolean
real_connect (NMVPNPlugin *plugin,
NMConnection *connection,
GError **error)
{
+ NMOPENSWANPlugin *self = NM_OPENSWAN_PLUGIN (plugin);
+ NMOPENSWANPluginPrivate *priv = NM_OPENSWAN_PLUGIN_GET_PRIVATE (self);
NMSettingVPN *s_vpn;
- gint openswan_fd = -1;
- gboolean success = FALSE;
+ const char *uuid = nm_connection_get_uuid (connection);
+ gint fd = -1;
- s_vpn = NM_SETTING_VPN (nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN));
+ s_vpn = nm_connection_get_setting_vpn (connection);
g_assert (s_vpn);
if (!nm_openswan_properties_validate (s_vpn, error))
- goto out;
+ return FALSE;
if (!nm_openswan_secrets_validate (s_vpn, error))
- goto out;
+ return FALSE;
- if (!nm_openswan_config_psk_write (s_vpn, error))
- goto out;
+ /* Write the IPSec secret (group password) */
+ priv->secrets_path = g_strdup_printf (SYSCONFDIR "ipsec.d/ipsec-%s.secrets", uuid);
+ if (!nm_openswan_config_psk_write (s_vpn, priv->secrets_path, error))
+ return FALSE;
- openswan_fd = nm_openswan_start_openswan_binary (NM_OPENSWAN_PLUGIN (plugin), error);
- if (openswan_fd < 0)
- goto out;
+ fd = nm_openswan_start_openswan_binary (self, uuid, error);
+ if (fd < 0)
+ goto error;
if (debug)
nm_connection_dump (connection);
- if (!nm_openswan_config_write (openswan_fd, s_vpn, error)) {
- goto out;
- } else {
- /*no error*/
- openswan_fd = -1;
- }
-
- unlink("/etc/ipsec.d/ipsec-nm-conn1.secrets");
-
- openswan_fd = nm_openswan_start_openswan_connection (NM_OPENSWAN_PLUGIN (plugin), error);
- if (openswan_fd < 0)
- goto out;
-
- write_config_option (openswan_fd, "%s", nm_setting_vpn_get_secret (s_vpn,
NM_OPENSWAN_XAUTH_PASSWORD));
- close(openswan_fd);
- openswan_fd=-1;
+ /* Start the IPSec service */
+ if (!nm_openswan_config_write (fd, uuid, s_vpn, error))
+ goto error;
+ close (fd);
- success = TRUE;
+ /* Start the actual IPSec connection */
+ fd = nm_openswan_start_openswan_connection (self, uuid, error);
+ if (fd < 0)
+ goto error;
-out:
- if (openswan_fd >= 0)
- close (openswan_fd);
+ /* Write the user password */
+ write_config_option (fd, "%s", nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD));
+ close (fd);
+ return TRUE;
- return success;
+error:
+ if (fd >= 0)
+ close (fd);
+ delete_secrets_file (self);
+ return FALSE;
}
static gboolean
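Review bot: In real_connect, `priv->secrets_path` is assigned without calling `delete_secrets_file (self)` first, and a failure of `nm_openswan_config_psk_write ()` returns directly instead of going to `error:`. A second connect attempt would therefore leak the previous string and never unlink the previous file, and a partially written secrets file stays on disk until disconnect or finalize. I would add `delete_secrets_file (self);` before the `g_strdup_printf ()` and use `goto error;` for the psk_write failure. The path is also built as `SYSCONFDIR "ipsec.d/ipsec-%s.secrets"` with no separator, so unless SYSCONFDIR is defined with a trailing slash the file would not land under the `ipsec.d` directory the old code used; please confirm. The old code also unlinked the PSK file right after the config was written, whereas the secret now stays on disk for the lifetime of the connection, and a comment saying why that is needed would help.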
@@ -574,12 +598,13 @@ real_need_secrets (NMVPNPlugin *plugin,
}
static gboolean
-real_disconnect (NMVPNPlugin *plugin,
- GError **error)
+real_disconnect (NMVPNPlugin *plugin, GError **error)
{
const char *ipsec_binary;
GPtrArray *openswan_argv;
+ delete_secrets_file (NM_OPENSWAN_PLUGIN (plugin));
+
ipsec_binary = find_ipsec (error);
if (!ipsec_binary)
return -1;
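Review bot: The `return -1;` after `find_ipsec ()` fails is in a function declared `gboolean`, so the caller sees a non-zero (TRUE) result on failure; it should be `return FALSE;`. This is a context line the commit leaves unchanged, but it sits directly after the new `delete_secrets_file ()` call and is cheap to fix here. real_disconnect's body continues outside the hunk.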
@@ -607,6 +632,14 @@ nm_openswan_plugin_init (NMOPENSWANPlugin *plugin)
}
static void
+finalize (GObject *object)
+{
+ delete_secrets_file (NM_OPENSWAN_PLUGIN (object));
+
+ G_OBJECT_CLASS (nm_openswan_plugin_parent_class)->finalize (object);
+}
+
+static void
nm_openswan_plugin_class_init (NMOPENSWANPluginClass *openswan_class)
{
GObjectClass *object_class = G_OBJECT_CLASS (openswan_class);
@@ -615,7 +648,8 @@ nm_openswan_plugin_class_init (NMOPENSWANPluginClass *openswan_class)
g_type_class_add_private (object_class, sizeof (NMOPENSWANPluginPrivate));
/* virtual methods */
- parent_class->connect = real_connect;
+ object_class->finalize = finalize;
+ parent_class->connect = real_connect;
parent_class->need_secrets = real_need_secrets;
parent_class->disconnect = real_disconnect;
}