[network-manager-libreswan] all: add additional 'Advanced' settings
- From: Lubomir Rintel <lkundrak src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [network-manager-libreswan] all: add additional 'Advanced' settings
- Date: Tue, 31 Oct 2017 08:58:35 +0000 (UTC)
commit 367d2cb15f47641fa5c95be47a59e37d4b3b8d5e
Author: Erik Andersson <erik ingate com>
Date: Mon Oct 16 20:19:46 2017 +0200
all: add additional 'Advanced' settings
* Phase1 Lifetime - specifies ikelifetime=
* Phase2 Lifetime - specifies salifetime=
* Remote Network - specifies rightsubnet=
ikelifetime defaults to 24h, salifetime defaults to 24h
and rightsubnet defaults to 0.0.0.0/0 (the defaults
prior to this commit).
https://github.com/NetworkManager/network-manager-libreswan/pull/1
properties/nm-libreswan-dialog.ui | 69 ++++++++++++++++++++++++++++++-
properties/nm-libreswan-editor-plugin.c | 9 ++++
properties/nm-libreswan-editor.c | 61 +++++++++++++++++++++++++++
shared/nm-service-defines.h | 3 +
shared/utils.c | 31 ++++++++++++-
src/nm-libreswan-service.c | 3 +
6 files changed, 172 insertions(+), 4 deletions(-)
---
diff --git a/properties/nm-libreswan-dialog.ui b/properties/nm-libreswan-dialog.ui
index 9ccae85..948d41c 100644
--- a/properties/nm-libreswan-dialog.ui
+++ b/properties/nm-libreswan-dialog.ui
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!-- Generated with glade 3.19.0 -->
+<!-- Generated with glade 3.20.0 -->
<interface>
<requires lib="gtk+" version="3.0"/>
<object class="GtkBox" id="libreswan-vbox">
@@ -282,6 +282,73 @@
<property name="top_attach">0</property>
</packing>
</child>
+ <child>
+ <object class="GtkLabel" id="phase1_lifetime">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">Phase1 Lifetime:</property>
+ <property name="xalign">0</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">3</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkEntry" id="phase1_lifetime_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">3</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="phase2_lifetime">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">Phase2 Lifetime:</property>
+ <property name="single_line_mode">True</property>
+ <property name="xalign">0</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">4</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkEntry" id="phase2_lifetime_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">4</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkLabel" id="remote_network">
+ <property name="visible">True</property>
+ <property name="can_focus">False</property>
+ <property name="label" translatable="yes">Remote Network:</property>
+ <property name="xalign">0</property>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">5</property>
+ </packing>
+ </child>
+ <child>
+ <object class="GtkEntry" id="remote_network_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="top_attach">5</property>
+ </packing>
+ </child>
</object>
</child>
<child type="label">
diff --git a/properties/nm-libreswan-editor-plugin.c b/properties/nm-libreswan-editor-plugin.c
index 9970324..c5857de 100644
--- a/properties/nm-libreswan-editor-plugin.c
+++ b/properties/nm-libreswan-editor-plugin.c
@@ -113,6 +113,15 @@ import_from_file (NMVpnEditorPlugin *self,
nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_ESP, &str[4]);
else if (g_str_has_prefix (str, "cisco-unity=yes"))
nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_VENDOR, "Cisco");
+ else if (g_str_has_prefix (str, "ikelifetime="))
+ nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_IKELIFETIME,
+ &str[12]);
+ else if (g_str_has_prefix (str, "salifetime="))
+ nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_SALIFETIME,
+ &str[11]);
+ else if (g_str_has_prefix (str, "rightsubnet="))
+ nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_REMOTENETWORK,
+ &str[12]);
else {
/* unknown tokens are silently ignored. */
}
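Review bot: The three new branches pass whatever follows the `=` in the imported file straight to nm_setting_vpn_add_data_item, including an empty string for a bare `ikelifetime=` line, whereas update_connection in the editor only stores these keys after `str && strlen (str)`. Guarding each branch the same way, e.g. `else if (g_str_has_prefix (str, "ikelifetime=") && str[12])`, keeps the two entry points consistent and lets an empty value fall through to the ignored-token branch. The hard-coded offsets 12/11/12 must stay in step with the prefix literals by hand; `str + strlen ("ikelifetime=")` says the same thing without the magic number. import_from_file starts and ends outside the hunk, so any trimming done on `str` before this chain is not visible here.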
diff --git a/properties/nm-libreswan-editor.c b/properties/nm-libreswan-editor.c
index b4e4a39..368b9b5 100644
--- a/properties/nm-libreswan-editor.c
+++ b/properties/nm-libreswan-editor.c
@@ -276,6 +276,32 @@ init_editor_plugin (LibreswanEditor *self,
}
g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
+ /* Phase 1 Lifetime: IKE */
+ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder,
+ "phase1_lifetime_entry"));
+ g_return_val_if_fail (widget != NULL, FALSE);
+ gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
+ if (s_vpn) {
+ value = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_IKELIFETIME);
+ if (value && strlen (value))
+ gtk_entry_set_text (GTK_ENTRY (widget), value);
+ }
+ g_signal_connect (G_OBJECT (widget), "changed",
+ G_CALLBACK (stuff_changed_cb), self);
+
+ /* Phase 2 Lifetime: SA */
+ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder,
+ "phase2_lifetime_entry"));
+ g_return_val_if_fail (widget != NULL, FALSE);
+ gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
+ if (s_vpn) {
+ value = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_SALIFETIME);
+ if (value && strlen (value))
+ gtk_entry_set_text (GTK_ENTRY (widget), value);
+ }
+ g_signal_connect (G_OBJECT (widget), "changed",
+ G_CALLBACK (stuff_changed_cb), self);
+
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "domain_entry"));
g_return_val_if_fail (widget != NULL, FALSE);
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
@@ -292,6 +318,20 @@ init_editor_plugin (LibreswanEditor *self,
(GCallback) show_toggled_cb,
self);
+ /* Remote Network */
+ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder,
+ "remote_network_entry"));
+ g_return_val_if_fail (widget != NULL, FALSE);
+ gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
+ if (s_vpn) {
+ value = nm_setting_vpn_get_data_item (s_vpn,
+ NM_LIBRESWAN_REMOTENETWORK);
+ if (value && strlen (value))
+ gtk_entry_set_text (GTK_ENTRY (widget), value);
+ }
+ g_signal_connect (G_OBJECT (widget), "changed",
+ G_CALLBACK (stuff_changed_cb), self);
+
return TRUE;
}
@@ -389,12 +429,33 @@ update_connection (NMVpnEditor *iface,
if (str && strlen (str))
nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_ESP, str);
+ /* Phase 1 Lifetime: ike */
+ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder,
+ "phase1_lifetime_entry"));
+ str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
+ if (str && strlen (str))
+ nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_IKELIFETIME, str);
+
+ /* Phase 2 Lifetime: sa */
+ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder,
+ "phase2_lifetime_entry"));
+ str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
+ if (str && strlen (str))
+ nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_SALIFETIME, str);
+
/* Domain entry */
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "domain_entry"));
str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
if (str && strlen (str))
nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_DOMAIN, str);
+ /* Remote Network */
+ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder,
+ "remote_network_entry"));
+ str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
+ if (str && strlen (str))
+ nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_REMOTENETWORK, str);
+
save_one_password (s_vpn,
priv->builder,
"user_password_entry",
diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h
index 5efa99b..85dd920 100644
--- a/shared/nm-service-defines.h
+++ b/shared/nm-service-defines.h
@@ -47,7 +47,10 @@
#define NM_LIBRESWAN_DPDTIMEOUT "dpdtimeout"
#define NM_LIBRESWAN_IKE "ike"
#define NM_LIBRESWAN_ESP "esp"
+#define NM_LIBRESWAN_IKELIFETIME "ikelifetime"
+#define NM_LIBRESWAN_SALIFETIME "salifetime"
#define NM_LIBRESWAN_VENDOR "vendor"
+#define NM_LIBRESWAN_REMOTENETWORK "rightsubnet"
#define NM_LIBRESWAN_PW_TYPE_SAVE "save"
#define NM_LIBRESWAN_PW_TYPE_ASK "ask"
diff --git a/shared/utils.c b/shared/utils.c
index f0bd85a..5a66975 100644
--- a/shared/utils.c
+++ b/shared/utils.c
@@ -101,7 +101,10 @@ nm_libreswan_config_write (gint fd,
const char *default_username;
const char *phase1_alg_str;
const char *phase2_alg_str;
+ const char *phase1_lifetime_str;
+ const char *phase2_lifetime_str;
const char *leftid;
+ const char *remote_network;
g_return_val_if_fail (fd > 0, FALSE);
g_return_val_if_fail (NM_IS_CONNECTION (connection), FALSE);
@@ -145,7 +148,14 @@ nm_libreswan_config_write (gint fd,
WRITE_CHECK (fd, debug_write_fcn, error, " rightxauthserver=yes");
WRITE_CHECK (fd, debug_write_fcn, error, " rightmodecfgserver=yes");
WRITE_CHECK (fd, debug_write_fcn, error, " modecfgpull=yes");
- WRITE_CHECK (fd, debug_write_fcn, error, " rightsubnet=0.0.0.0/0");
+
+ remote_network = nm_setting_vpn_get_data_item (s_vpn,
+ NM_LIBRESWAN_REMOTENETWORK);
+ if (!remote_network || !strlen (remote_network))
+ WRITE_CHECK (fd, debug_write_fcn, error, " rightsubnet=0.0.0.0/0");
+ else
+ WRITE_CHECK (fd, debug_write_fcn, error, " rightsubnet=%s",
+ remote_network);
phase1_alg_str = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_IKE);
if (!phase1_alg_str || !strlen (phase1_alg_str))
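Review bot: The new `else` branches write `remote_network` (here) and `phase1_lifetime_str` / `phase2_lifetime_str` (next hunk of this file) into the generated config with `%s` and no content check, so a value holding a line break or embedded whitespace would presumably come out as extra configuration text rather than as a single `rightsubnet=`, `ikelifetime=` or `salifetime=` value. The table in src/nm-libreswan-service.c registers all three keys as `G_TYPE_STRING, 0, 0`, unlike the range-bounded `NM_LIBRESWAN_DPDTIMEOUT` entry, so unless a check exists outside these hunks nothing constrains the strings before they reach this writer. Before each `WRITE_CHECK`, fail the write when `strpbrk (remote_network, " \t\r\n")` is non-NULL (setting `error` the way the function's other failure paths do), and preferably accept only an address/prefix for the subnet and digits with an optional unit suffix for the lifetimes. nm_libreswan_config_write starts and ends outside the hunk, so how WRITE_CHECK terminates each line is inferred.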
@@ -160,8 +170,23 @@ nm_libreswan_config_write (gint fd,
WRITE_CHECK (fd, debug_write_fcn, error, " esp=%s", phase2_alg_str);
WRITE_CHECK (fd, debug_write_fcn, error, " rekey=yes");
- WRITE_CHECK (fd, debug_write_fcn, error, " salifetime=24h");
- WRITE_CHECK (fd, debug_write_fcn, error, " ikelifetime=24h");
+
+ phase1_lifetime_str = nm_setting_vpn_get_data_item (s_vpn,
+ NM_LIBRESWAN_IKELIFETIME);
+ if (!phase1_lifetime_str || !strlen (phase1_lifetime_str))
+ WRITE_CHECK (fd, debug_write_fcn, error, " ikelifetime=24h");
+ else
+ WRITE_CHECK (fd, debug_write_fcn, error, " ikelifetime=%s",
+ phase1_lifetime_str);
+
+ phase2_lifetime_str = nm_setting_vpn_get_data_item (s_vpn,
+ NM_LIBRESWAN_SALIFETIME);
+ if (!phase2_lifetime_str || !strlen (phase2_lifetime_str))
+ WRITE_CHECK (fd, debug_write_fcn, error, " salifetime=24h");
+ else
+ WRITE_CHECK (fd, debug_write_fcn, error, " salifetime=%s",
+ phase2_lifetime_str);
+
WRITE_CHECK (fd, debug_write_fcn, error, " keyingtries=1");
if (!openswan && g_strcmp0 (nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_VENDOR), "Cisco") == 0)
diff --git a/src/nm-libreswan-service.c b/src/nm-libreswan-service.c
index 487909b..c813aad 100644
--- a/src/nm-libreswan-service.c
+++ b/src/nm-libreswan-service.c
@@ -256,7 +256,10 @@ static ValidProperty valid_properties[] = {
{ NM_LIBRESWAN_DPDTIMEOUT, G_TYPE_INT, 0, 86400 },
{ NM_LIBRESWAN_IKE, G_TYPE_STRING, 0, 0 },
{ NM_LIBRESWAN_ESP, G_TYPE_STRING, 0, 0 },
+ { NM_LIBRESWAN_IKELIFETIME, G_TYPE_STRING, 0, 0 },
+ { NM_LIBRESWAN_SALIFETIME, G_TYPE_STRING, 0, 0 },
{ NM_LIBRESWAN_VENDOR, G_TYPE_STRING, 0, 0 },
+ { NM_LIBRESWAN_REMOTENETWORK, G_TYPE_STRING, 0, 0 },
/* Ignored option for internal use */
{ NM_LIBRESWAN_PSK_INPUT_MODES, G_TYPE_NONE, 0, 0 },
{ NM_LIBRESWAN_XAUTH_PASSWORD_INPUT_MODES, G_TYPE_NONE, 0, 0 },