[NetworkManager-libreswan: 1/3] Write pfs option to libreswan

[Francesco Giudici <fgiudici src gnome org>]

commit 0f2b533ad7863492e86f2fd39736d24d8cfab8a6
Author: Jochen Jägers <jochen jaegers gmail com>
Date:   Sat Sep 15 15:55:41 2018 +0200

    Write pfs option to libreswan

 shared/nm-service-defines.h | 1 +
 shared/utils.c              | 5 +++++
 src/nm-libreswan-service.c  | 1 +
 3 files changed, 7 insertions(+)
---
diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h
index 06b6ff1..360433c 100644
--- a/shared/nm-service-defines.h
+++ b/shared/nm-service-defines.h
@@ -48,6 +48,7 @@
 #define NM_LIBRESWAN_KEY_XAUTH_PASSWORD_INPUT_MODES "xauthpasswordinputmodes"
 #define NM_LIBRESWAN_KEY_DOMAIN                     "Domain"
 #define NM_LIBRESWAN_KEY_DHGROUP                    "dhgroup"
+#define NM_LIBRESWAN_KEY_PFS                        "pfs"
 #define NM_LIBRESWAN_KEY_PFSGROUP                   "pfsgroup"
 #define NM_LIBRESWAN_KEY_DPDTIMEOUT                 "dpdtimeout"
 #define NM_LIBRESWAN_KEY_IKE                        "ike"
diff --git a/shared/utils.c b/shared/utils.c
index 934efc3..047ce8e 100644
--- a/shared/utils.c
+++ b/shared/utils.c
@@ -116,6 +116,7 @@ nm_libreswan_config_write (gint fd,
        const char *rekey;
        const char *fragmentation;
        const char *mobike;
+       const char *pfs;
        gboolean is_ikev2 = FALSE;
        gboolean xauth_enabled = TRUE;
 
@@ -244,6 +245,10 @@ nm_libreswan_config_write (gint fd,
        else if (xauth_enabled && leftid)
                WRITE_CHECK (fd, debug_write_fcn, error, " phase2alg=aes256-sha1");
 
+       pfs = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_PFS);
+       if (pfs && !strcmp (pfs, "no"))
+               WRITE_CHECK (fd, debug_write_fcn, error, " pfs=no");
+
        phase1_lifetime_str = nm_setting_vpn_get_data_item (s_vpn,
                                                            NM_LIBRESWAN_KEY_IKELIFETIME);
        if (phase1_lifetime_str && strlen (phase1_lifetime_str))
diff --git a/src/nm-libreswan-service.c b/src/nm-libreswan-service.c
index b18cfdb..e69deb8 100644
--- a/src/nm-libreswan-service.c
+++ b/src/nm-libreswan-service.c
@@ -258,6 +258,7 @@ static ValidProperty valid_properties[] = {
        { NM_LIBRESWAN_KEY_LEFTCERT,                   G_TYPE_STRING, 0, 0 },
        { NM_LIBRESWAN_KEY_DOMAIN,                     G_TYPE_STRING, 0, 0 },
        { NM_LIBRESWAN_KEY_DHGROUP,                    G_TYPE_STRING, 0, 0 },
+       { NM_LIBRESWAN_KEY_PFS,                        G_TYPE_STRING, 0, 0 },
        { NM_LIBRESWAN_KEY_PFSGROUP,                   G_TYPE_STRING, 0, 0 },
        { NM_LIBRESWAN_KEY_DPDTIMEOUT,                 G_TYPE_INT, 0, 86400 },
        { NM_LIBRESWAN_KEY_IKE,                        G_TYPE_STRING, 0, 0 },