[network-manager-libreswan] service: initialize NSS if needed

From: Lubomir Rintel <lkundrak src gnome org>
To: commits-list gnome org
Cc:
Subject: [network-manager-libreswan] service: initialize NSS if needed
Date: Fri, 18 Mar 2016 16:49:17 +0000 (UTC)

commit 1c50d6ba45b5ec01d978c92a679ab95fcbf6c3f1
Author: Lubomir Rintel <lkundrak v3 sk>
Date:   Tue Mar 15 11:09:43 2016 +0100

    service: initialize NSS if needed

 src/nm-libreswan-service.c |   20 ++++++++++++++++++++
 1 files changed, 20 insertions(+), 0 deletions(-)
---
diff --git a/src/nm-libreswan-service.c b/src/nm-libreswan-service.c
index c076f08..f69b55d 100644
--- a/src/nm-libreswan-service.c
+++ b/src/nm-libreswan-service.c
@@ -80,6 +80,7 @@ typedef enum {
     CONNECT_STEP_FIRST,
     CONNECT_STEP_CHECK_RUNNING,
     CONNECT_STEP_STACK_INIT,
+    CONNECT_STEP_CHECK_NSS,
     CONNECT_STEP_IPSEC_START,
     CONNECT_STEP_WAIT_READY,
     CONNECT_STEP_CONFIG_ADD,
@@ -553,11 +554,18 @@ child_watch_cb (GPid pid, gint status, gpointer user_data)
                return;
        }
 
+       /* Ready step can return a failure even if libreswan is ready,
+        * but failed to listen to some interfaces due to a bug in older
+        * libreswan versions. */
        if (priv->connect_step == CONNECT_STEP_WAIT_READY)
                success = (ret != 1);
        else
                success = (ret == 0);
 
+       /* Ignore failures here, maybe the libreswan daemon is too old. */
+       if (priv->connect_step == CONNECT_STEP_CHECK_NSS)
+               success = TRUE;
+
        if (success) {
                /* Success; do the next connect step */
                priv->connect_step++;
@@ -1515,6 +1523,18 @@ connect_step (NMLibreswanPlugin *self, GError **error)
                /* fall through */
                priv->connect_step++;
 
+       case CONNECT_STEP_CHECK_NSS:
+               /* Start the IPsec service */
+               if (!priv->openswan) {
+                       success = do_spawn (self, &priv->pid, NULL, NULL, error,
+                                           priv->ipsec_path, "--checknss", NULL);
+                       if (success)
+                               priv->watch_id = g_child_watch_add (priv->pid, child_watch_cb, self);
+                       return success;
+               }
+               /* fall through */
+               priv->connect_step++;
+
        case CONNECT_STEP_IPSEC_START:
                /* Start the IPsec service */
                if (priv->openswan)

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]