[network-manager-libreswan/lr/import-export: 3/7] common: split out the connection writer from service
- From: Lubomir Rintel <lkundrak src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [network-manager-libreswan/lr/import-export: 3/7] common: split out the connection writer from service
- Date: Sat, 12 Dec 2015 11:56:44 +0000 (UTC)
commit 1f5b0d1ce2994b2025b8e7867c38c726ba0a8592
Author: Lubomir Rintel <lkundrak v3 sk>
Date: Mon Dec 7 12:18:00 2015 +0100
common: split out the connection writer from service
We're going to reuse it for exports.
Makefile.am | 2 +-
common/Makefile.am | 24 ++++++++++
common/utils.c | 108 ++++++++++++++++++++++++++++++++++++++++++++
common/utils.h | 49 ++++++++++++++++++++
configure.ac | 1 +
src/Makefile.am | 4 +-
src/nm-libreswan-service.c | 102 ++---------------------------------------
src/nm-libreswan-service.h | 2 +
8 files changed, 193 insertions(+), 99 deletions(-)
---
diff --git a/Makefile.am b/Makefile.am
index 6e57cd7..cd7cc78 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,6 +1,6 @@
AUTOMAKE_OPTIONS = foreign
-SUBDIRS = src
+SUBDIRS = common src
if WITH_GNOME
SUBDIRS += auth-dialog properties po
diff --git a/common/Makefile.am b/common/Makefile.am
new file mode 100644
index 0000000..627d9dd
--- /dev/null
+++ b/common/Makefile.am
@@ -0,0 +1,24 @@
+noinst_LTLIBRARIES = libnm-libreswan-common.la
+if WITH_LIBNM_GLIB
+noinst_LTLIBRARIES += libnm-vpn-plugin-libreswan-common.la
+endif
+
+libnm_libreswan_common_la_SOURCES = \
+ utils.c \
+ utils.h
+
+libnm_vpn_plugin_libreswan_common_la_SOURCES = \
+ $(libnm_libreswan_common_la_SOURCES)
+
+common_CPPFLAGS = \
+ -DLIBEXECDIR=\""$(libexecdir)"\" \
+ -I$(top_srcdir)/src/
+
+libnm_libreswan_common_la_CPPFLAGS = \
+ $(LIBNM_CFLAGS) \
+ $(common_CPPFLAGS)
+
+libnm_vpn_plugin_libreswan_common_la_CPPFLAGS = \
+ -DNM_LIBRESWAN_OLD \
+ $(LIBNM_GLIB_CFLAGS) \
+ $(common_CPPFLAGS)
diff --git a/common/utils.c b/common/utils.c
new file mode 100644
index 0000000..f1431e8
--- /dev/null
+++ b/common/utils.c
@@ -0,0 +1,108 @@
+/* NetworkManager-libreswan -- Network Manager Libreswan plugin
+ *
+ * Dan Williams <dcbw redhat com>
+ * Avesh Agarwal <avagarwa redhat com>
+ * Lubomir Rintel <lkundrak v3 sk>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2010 - 2015 Red Hat, Inc.
+ */
+
+#include <unistd.h>
+#include <string.h>
+#include <glib.h>
+#include <NetworkManager.h>
+
+#ifdef NM_LIBRESWAN_OLD
+#define NM_VPN_LIBNM_COMPAT
+#include <nm-connection.h>
+#endif
+
+#include "nm-libreswan-service.h"
+#include "utils.h"
+
+gboolean debug = FALSE;
+
+void
+nm_libreswan_config_write (gint fd,
+ NMConnection *connection,
+ const char *bus_name,
+ gboolean openswan)
+{
+ NMSettingVpn *s_vpn = nm_connection_get_setting_vpn (connection);
+ const char *con_name = nm_connection_get_uuid (connection);
+ const char *props_username;
+ const char *default_username;
+ const char *phase1_alg_str;
+ const char *phase2_alg_str;
+
+ g_assert (fd >= 0);
+ g_assert (s_vpn);
+ g_assert (con_name);
+
+ write_config_option (fd, "conn %s\n", con_name);
+ write_config_option (fd, " aggrmode=yes\n");
+ write_config_option (fd, " authby=secret\n");
+ write_config_option (fd, " left=%%defaultroute\n");
+ write_config_option (fd, " leftid= %s\n", nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_LEFTID));
+ write_config_option (fd, " leftxauthclient=yes\n");
+ write_config_option (fd, " leftmodecfgclient=yes\n");
+
+ if (bus_name)
+ write_config_option (fd, " leftupdown=\"" NM_LIBRESWAN_HELPER_PATH " --bus-name %s\"\n",
bus_name);
+
+ default_username = nm_setting_vpn_get_user_name (s_vpn);
+ props_username = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_LEFTXAUTHUSER);
+ if ( default_username && strlen (default_username)
+ && (!props_username || !strlen (props_username)))
+ write_config_option (fd, " leftxauthusername=%s\n", default_username);
+ else
+ write_config_option (fd, " leftxauthusername=%s\n", props_username);
+
+ write_config_option (fd, " right=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_RIGHT));
+ write_config_option (fd, " remote_peer_type=cisco\n");
+ write_config_option (fd, " rightxauthserver=yes\n");
+ write_config_option (fd, " rightmodecfgserver=yes\n");
+
+ phase1_alg_str = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_IKE);
+ if (!phase1_alg_str || !strlen (phase1_alg_str))
+ write_config_option (fd, " ike=aes-sha1\n");
+ else
+ write_config_option (fd, " ike=%s\n", phase1_alg_str);
+
+ phase2_alg_str = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_ESP);
+ if (!phase2_alg_str || !strlen (phase2_alg_str))
+ write_config_option (fd, " esp=aes-sha1;modp1024\n");
+ else
+ write_config_option (fd, " esp=%s\n", phase2_alg_str);
+
+ write_config_option (fd, " rekey=yes\n");
+ write_config_option (fd, " salifetime=24h\n");
+ write_config_option (fd, " ikelifetime=24h\n");
+ write_config_option (fd, " keyingtries=1\n");
+ if (!openswan && g_strcmp0 (nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_VENDOR), "Cisco") == 0)
+ write_config_option (fd, " cisco-unity=yes\n");
+ write_config_option (fd, " auto=add");
+
+ /* openswan requires a terminating \n (otherwise it segfaults) while
+ * libreswan fails parsing the configuration if you include the \n.
+ * WTF?
+ */
+ if (openswan)
+ (void) write (fd, "\n", 1);
+ if (debug)
+ g_print ("\n");
+}
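Review bot: Every `%s` value that nm_libreswan_config_write emits (leftid, right, leftxauthusername, ike, esp, and bus_name inside the quoted leftupdown value) is copied into the ipsec configuration unchecked, so a value containing a newline ends its option and adds further keys to the `conn` section. Now that this is a shared writer meant for export as well, the check belongs here rather than in each caller: refuse any value for which `strpbrk (value, "\r\n\"")` is non-NULL, and return gboolean instead of void so the caller can abort rather than load a partial config. This matters most if a profile can be edited by a user less privileged than the service that loads it. Separately, leftid, right and the `else` branch of the username block can pass a NULL pointer to `%s`, which glibc renders as `(null)` in the file; skipping the option or failing when the item is missing would be safer.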
diff --git a/common/utils.h b/common/utils.h
new file mode 100644
index 0000000..ee9b23e
--- /dev/null
+++ b/common/utils.h
@@ -0,0 +1,49 @@
+/* NetworkManager-libreswan -- Network Manager Libreswan plugin
+ *
+ * Dan Williams <dcbw redhat com>
+ * Avesh Agarwal <avagarwa redhat com>
+ * Lubomir Rintel <lkundrak v3 sk>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2010 - 2015 Red Hat, Inc.
+ */
+
+extern gboolean debug;
+
+static inline void
+write_config_option (int fd, const char *format, ...)
+{
+ char *string;
+ va_list args;
+
+ va_start (args, format);
+ string = g_strdup_vprintf (format, args);
+
+ if (debug)
+ g_print ("Config: %s", string);
+
+ if (write (fd, string, strlen (string)) == -1)
+ g_warning ("nm-libreswan: error in write_config_option");
+
+ g_free (string);
+ va_end (args);
+}
+
+void
+nm_libreswan_config_write (gint fd,
+ NMConnection *connection,
+ const char *bus_name,
+ gboolean openswan);
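Review bot: write_config_option treats only a `-1` return from write() as failure and returns void, so a short write or an EINTR leaves a truncated option on the descriptor and the caller cannot tell. The descriptor is handed to it by connect_step in src/nm-libreswan-service.c, whose call to nm_libreswan_config_write no longer carries a `GError **` at all, so a half-written config is reported as success. I would loop until the whole string is written and return a gboolean that nm_libreswan_config_write propagates, as sketched below. The header would then need `<errno.h>` and `<unistd.h>`; as posted it includes nothing and has no include guard, so it compiles only if the includer has already pulled in `<stdarg.h>`, `<string.h>`, `<unistd.h>` and glib.

```c
static inline gboolean
write_config_option (int fd, const char *format, ...)
{
	/* … unchanged: va_start, g_strdup_vprintf, debug print … */
	const char *p = string;
	size_t left = strlen (string);
	gboolean ok = TRUE;

	while (left > 0) {
		ssize_t n = write (fd, p, left);

		if (n < 0) {
			if (errno == EINTR)
				continue;
			g_warning ("nm-libreswan: error in write_config_option");
			ok = FALSE;
			break;
		}
		p += n;
		left -= (size_t) n;
	}
	/* … unchanged: g_free, va_end … */
	return ok;
}
```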
diff --git a/configure.ac b/configure.ac
index e3594bd..99e76e9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -109,6 +109,7 @@ NM_COMPILER_WARNINGS
AC_CONFIG_FILES([
Makefile
+common/Makefile
src/Makefile
auth-dialog/Makefile
auth-dialog/nm-libreswan-auth-dialog.desktop.in
diff --git a/src/Makefile.am b/src/Makefile.am
index fa6059b..07736e9 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -9,7 +9,8 @@ AM_CPPFLAGS = \
-DLIBEXECDIR=\""$(libexecdir)"\" \
-DLOCALSTATEDIR=\""$(localstatedir)"\" \
-DDATADIR=\"$(datadir)\" \
- -DNM_LIBRESWAN_LOCALEDIR=\"$(datadir)/locale\"
+ -DNM_LIBRESWAN_LOCALEDIR=\"$(datadir)/locale\" \
+ -I$(top_srcdir)/common/
libexec_PROGRAMS = nm-libreswan-service nm-libreswan-service-helper
@@ -40,6 +41,7 @@ nm_libreswan_service_LDADD = \
$(GLIB_LIBS) \
$(LIBNM_LIBS) \
$(LIBNL_LIBS) \
+ $(top_builddir)/common/libnm-libreswan-common.la \
libnm-libreswan-helper-service-dbus.la \
-lutil
diff --git a/src/nm-libreswan-service.c b/src/nm-libreswan-service.c
index b11fd91..ad752f8 100644
--- a/src/nm-libreswan-service.c
+++ b/src/nm-libreswan-service.c
@@ -56,6 +56,7 @@
#include "nm-libreswan-helper-service-dbus.h"
#include "nm-libreswan-service.h"
#include "nm-utils.h"
+#include "utils.h"
#if !defined(DIST_VERSION)
# define DIST_VERSION VERSION
@@ -73,7 +74,6 @@ G_DEFINE_TYPE (NMLibreswanPlugin, nm_libreswan_plugin, NM_TYPE_VPN_SERVICE_PLUGI
/************************************************************/
-static gboolean debug = FALSE;
GMainLoop *loop = NULL;
typedef enum {
@@ -125,8 +125,6 @@ typedef struct {
#define NM_LIBRESWAN_PLUGIN_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), NM_TYPE_LIBRESWAN_PLUGIN,
NMLibreswanPluginPrivate))
-#define NM_LIBRESWAN_HELPER_PATH LIBEXECDIR"/nm-libreswan-service-helper"
-
#define DEBUG(...) \
G_STMT_START { \
if (debug) { \
@@ -619,99 +617,6 @@ do_spawn (GPid *out_pid,
return success;
}
-static inline void
-write_config_option (int fd, const char *format, ...)
-{
- char *string;
- va_list args;
-
- va_start (args, format);
- string = g_strdup_vprintf (format, args);
-
- if (debug)
- g_print ("Config: %s", string);
-
- if ( write (fd, string, strlen (string)) == -1)
- g_warning ("nm-libreswan: error in write_config_option");
-
- g_free (string);
- va_end (args);
-}
-
-static void
-nm_libreswan_config_write (NMLibreswanPlugin *self,
- gint fd,
- NMConnection *connection,
- GError **error)
-{
- NMLibreswanPluginPrivate *priv = NM_LIBRESWAN_PLUGIN_GET_PRIVATE (self);
- NMSettingVpn *s_vpn = nm_connection_get_setting_vpn (connection);
- const char *con_name = nm_connection_get_uuid (connection);
- const char *props_username;
- const char *default_username;
- const char *phase1_alg_str;
- const char *phase2_alg_str;
- char *bus_name;
-
- g_assert (fd >= 0);
- g_assert (s_vpn);
- g_assert (con_name);
-
- write_config_option (fd, "conn %s\n", con_name);
- write_config_option (fd, " aggrmode=yes\n");
- write_config_option (fd, " authby=secret\n");
- write_config_option (fd, " left=%%defaultroute\n");
- write_config_option (fd, " leftid= %s\n", nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_LEFTID));
- write_config_option (fd, " leftxauthclient=yes\n");
- write_config_option (fd, " leftmodecfgclient=yes\n");
-
- g_object_get (self, NM_VPN_SERVICE_PLUGIN_DBUS_SERVICE_NAME, &bus_name, NULL);
- write_config_option (fd, " leftupdown=\"" NM_LIBRESWAN_HELPER_PATH " --bus-name %s\"\n", bus_name);
- g_free (bus_name);
-
- default_username = nm_setting_vpn_get_user_name (s_vpn);
- props_username = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_LEFTXAUTHUSER);
- if ( default_username && strlen (default_username)
- && (!props_username || !strlen (props_username)))
- write_config_option (fd, " leftxauthusername=%s\n", default_username);
- else
- write_config_option (fd, " leftxauthusername=%s\n", props_username);
-
- write_config_option (fd, " right=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_RIGHT));
- write_config_option (fd, " remote_peer_type=cisco\n");
- write_config_option (fd, " rightxauthserver=yes\n");
- write_config_option (fd, " rightmodecfgserver=yes\n");
-
- phase1_alg_str = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_IKE);
- if (!phase1_alg_str || !strlen (phase1_alg_str))
- write_config_option (fd, " ike=aes-sha1\n");
- else
- write_config_option (fd, " ike=%s\n", phase1_alg_str);
-
- phase2_alg_str = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_ESP);
- if (!phase2_alg_str || !strlen (phase2_alg_str))
- write_config_option (fd, " esp=aes-sha1;modp1024\n");
- else
- write_config_option (fd, " esp=%s\n", phase2_alg_str);
-
- write_config_option (fd, " rekey=yes\n");
- write_config_option (fd, " salifetime=24h\n");
- write_config_option (fd, " ikelifetime=24h\n");
- write_config_option (fd, " keyingtries=1\n");
- if (!priv->openswan && g_strcmp0 (nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_VENDOR), "Cisco")
== 0)
- write_config_option (fd, " cisco-unity=yes\n");
- write_config_option (fd, " auto=add");
-
- /* openswan requires a terminating \n (otherwise it segfaults) while
- * libreswan fails parsing the configuration if you include the \n.
- * WTF?
- */
- if (priv->openswan)
- (void) write (fd, "\n", 1);
- if (debug)
- g_print ("\n");
-}
-
static gboolean
nm_libreswan_config_psk_write (NMSettingVpn *s_vpn,
const char *secrets_path,
@@ -1468,6 +1373,7 @@ connect_step (NMLibreswanPlugin *self, GError **error)
const char *uuid;
int fd = -1, up_stdout = -1, up_stderr = -1, up_pty = -1;
gboolean success = FALSE;
+ char *bus_name;
g_warn_if_fail (priv->watch_id == 0);
priv->watch_id = 0;
@@ -1535,7 +1441,9 @@ connect_step (NMLibreswanPlugin *self, GError **error)
"auto", "--replace", "--config", "-", uuid, NULL))
return FALSE;
priv->watch_id = g_child_watch_add (priv->pid, child_watch_cb, self);
- nm_libreswan_config_write (self, fd, priv->connection, error);
+ g_object_get (self, NM_VPN_SERVICE_PLUGIN_DBUS_SERVICE_NAME, &bus_name, NULL);
+ nm_libreswan_config_write (fd, priv->connection, bus_name, priv->openswan);
+ g_free (bus_name);
close (fd);
return TRUE;
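Review bot: `bus_name` (declared in the previous hunk without an initialiser) is passed to a writer that now treats NULL as "omit leftupdown", so if g_object_get leaves it NULL the service loads a config with no updown helper and logs nothing. For the service that is presumably a failure, since the helper looks like the path by which the plugin learns the tunnel's IP configuration; the optional behaviour is only meant for the export case. I would declare it as `char *bus_name = NULL;` and add `g_warn_if_fail (bus_name != NULL);` before the write, or fail the step earlier if the surrounding code allows it. connect_step's body starts and ends outside these hunks, so whether an earlier check is practical cannot be seen here.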
diff --git a/src/nm-libreswan-service.h b/src/nm-libreswan-service.h
index 201b523..cba0c62 100644
--- a/src/nm-libreswan-service.h
+++ b/src/nm-libreswan-service.h
@@ -32,6 +32,8 @@
#define NM_DBUS_PATH_LIBRESWAN "/org/freedesktop/NetworkManager/libreswan"
#define NM_DBUS_PATH_LIBRESWAN_HELPER "/org/freedesktop/NetworkManager/libreswan/helper"
+#define NM_LIBRESWAN_HELPER_PATH LIBEXECDIR"/nm-libreswan-service-helper"
+
#define NM_LIBRESWAN_RIGHT "right"
#define NM_LIBRESWAN_LEFTID "leftid"
#define NM_LIBRESWAN_PSK_VALUE "pskvalue"