[network-manager-openswan/dcbw/libreswan: 2/12] core: update for non-deprecated libreswan initialization flow
- From: Dan Williams <dcbw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [network-manager-openswan/dcbw/libreswan: 2/12] core: update for non-deprecated libreswan initialization flow
- Date: Tue, 2 Dec 2014 01:02:27 +0000 (UTC)
commit 832e08ce8be1a82f0db43612cb8d0ad1dc00513f
Author: Dan Williams <dcbw redhat com>
Date: Mon Oct 20 14:21:50 2014 -0500
core: update for non-deprecated libreswan initialization flow
libreswan only provides 'ipsec XXXX' for backwards compatibility
with openswan/freeswan, so switch to non-deprecated libreswan
startup. Loosely follows what the libreswan systemd service
file does, which is:
ExecStartPre=/usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig
ExecStartPre=/usr/libexec/ipsec/_stackmanager start
ExecStartPre=/usr/sbin/ipsec --checknss
ExecStart=/bin/sh -c 'eval `/usr/libexec/ipsec/pluto --config /etc/ipsec.conf --nofork $PLUTO_OPTIONS`'
NM-openswan's 'addcon' is done right before connecting, and errors are
reported during the connect process (instead of service start as done
in the systemd unit).
We ignore --checknss here since that seems somewhat unecessary at the
moment.
configure.ac | 3 ++
src/nm-openswan-service.c | 61 ++++++++++++++++++++++++++++++++++++++++++---
2 files changed, 60 insertions(+), 4 deletions(-)
---
diff --git a/configure.ac b/configure.ac
index 0104644..aac837b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -8,6 +8,9 @@ AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_HEADERS([config.h])
+AC_USE_SYSTEM_EXTENSIONS
+AC_GNU_SOURCE
+
dnl
dnl Require programs
dnl
diff --git a/src/nm-openswan-service.c b/src/nm-openswan-service.c
index 35821ee..9dcdf1c 100644
--- a/src/nm-openswan-service.c
+++ b/src/nm-openswan-service.c
@@ -61,6 +61,7 @@ GMainLoop *loop = NULL;
typedef enum {
CONNECT_STEP_FIRST,
+ CONNECT_STEP_STACK_INIT,
CONNECT_STEP_IPSEC_START,
CONNECT_STEP_CONFIG_ADD,
CONNECT_STEP_CONNECT,
@@ -76,8 +77,10 @@ typedef struct {
typedef struct {
const char *ipsec_path;
+ const char *pluto_path;
char *secrets_path;
+ gboolean libreswan;
gboolean interactive;
gboolean pending_auth;
@@ -261,11 +264,17 @@ find_helper (const char *progname, GError **error)
static const char *paths[] = {
PREFIX "/sbin/",
PREFIX "/bin/",
+ PREFIX "/libexec/ipsec/",
+ PREFIX "/lib/ipsec/",
"/sbin/",
"/usr/sbin/",
"/usr/local/sbin/",
"/usr/bin/",
"/usr/local/bin/",
+ "/usr/libexec/",
+ "/usr/local/libexec/ipsec/"
+ "/usr/lib/ipsec/",
+ "/usr/local/lib/ipsec/"
};
guint i;
GString *tmp;
@@ -896,6 +905,7 @@ connect_step (NMOpenSwanPlugin *self, GError **error)
NMOpenSwanPluginPrivate *priv = NM_OPENSWAN_PLUGIN_GET_PRIVATE (self);
const char *uuid;
int fd = -1, up_stdout = -1, up_stderr = -1, up_pty = -1;
+ gboolean success = FALSE;
g_warn_if_fail (priv->watch_id == 0);
priv->watch_id = 0;
@@ -912,12 +922,34 @@ connect_step (NMOpenSwanPlugin *self, GError **error)
/* fall through */
priv->connect_step++;
+ case CONNECT_STEP_STACK_INIT:
+ if (priv->libreswan) {
+ const char *stackman_path;
+
+ stackman_path = find_helper ("_stackmanager", error);
+ if (!stackman_path)
+ return FALSE;
+
+ /* Ensure the right IPSec kernel stack is loaded */
+ success = do_spawn (&priv->pid, NULL, NULL, error, stackman_path, "start", NULL);
+ if (success)
+ priv->watch_id = g_child_watch_add (priv->pid, pluto_watch_cb, self);
+ return success;
+ }
+ /* fall through */
+ priv->connect_step++;
+
case CONNECT_STEP_IPSEC_START:
/* Start the IPSec service */
- if (!do_spawn (&priv->pid, NULL, NULL, error, priv->ipsec_path, "setup", "start", NULL))
- return FALSE;
- priv->watch_id = g_child_watch_add (priv->pid, pluto_watch_cb, self);
- return TRUE;
+ if (priv->libreswan) {
+ success = do_spawn (&priv->pid, NULL, NULL, error,
+ priv->pluto_path, "--config", SYSCONFDIR "/ipsec.conf",
"--nofork",
+ NULL);
+ } else
+ success = do_spawn (&priv->pid, NULL, NULL, error, priv->ipsec_path, "setup",
"start", NULL);
+ if (success)
+ priv->watch_id = g_child_watch_add (priv->pid, pluto_watch_cb, self);
+ return success;
case CONNECT_STEP_CONFIG_ADD:
if (!do_spawn (&priv->pid, &fd, NULL, error, priv->ipsec_path,
@@ -958,6 +990,20 @@ connect_step (NMOpenSwanPlugin *self, GError **error)
}
static gboolean
+is_libreswan (const char *path)
+{
+ const char *argv[] = { path, NULL };
+ gboolean libreswan = FALSE;
+ char *output = NULL;
+
+ if (g_spawn_sync (NULL, (char **) argv, NULL, 0, NULL, NULL, &output, NULL, NULL, NULL)) {
+ libreswan = !!(output && strcasestr (output, " Libreswan "));
+ g_free (output);
+ }
+ return libreswan;
+}
+
+static gboolean
_connect_common (NMVPNPlugin *plugin,
NMConnection *connection,
GHashTable *details,
@@ -994,6 +1040,13 @@ _connect_common (NMVPNPlugin *plugin,
if (!priv->ipsec_path)
return FALSE;
+ priv->libreswan = is_libreswan (priv->ipsec_path);
+ if (priv->libreswan) {
+ priv->pluto_path = find_helper ("pluto", error);
+ if (!priv->pluto_path)
+ return FALSE;
+ }
+
priv->password = g_strdup (nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD));
/* Write the IPSec secret (group password); *SWAN always requires this and
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]