[NetworkManager-libreswan/bg/libreswan4] all: support libreswan 4
- From: Beniamino Galvani <bgalvani src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [NetworkManager-libreswan/bg/libreswan4] all: support libreswan 4
- Date: Wed, 23 Dec 2020 07:30:12 +0000 (UTC)
commit c28968eb29ae396003e71c206cd0f2092569fcd3
Author: Beniamino Galvani <bgalvani redhat com>
Date: Tue Dec 22 19:24:37 2020 +0100
all: support libreswan 4
Some options changed name in libreswan 4. Parse the version in the
'ipsec' output and use the appropriate options. Note that now both the
old and new options are accepted in the connection.
https://gitlab.gnome.org/GNOME/NetworkManager-libreswan/-/issues/6
Makefile.am | 1 +
man/nm-settings-libreswan.5.in | 2 +-
properties/nm-libreswan-editor-plugin.c | 8 ++
properties/nm-libreswan-editor.c | 41 ++++++----
shared/nm-service-defines.h | 1 +
shared/utils.c | 128 +++++++++++++++++++++++++++++++-
shared/utils.h | 10 +++
src/nm-libreswan-service.c | 93 +++--------------------
8 files changed, 183 insertions(+), 101 deletions(-)
---
diff --git a/Makefile.am b/Makefile.am
index 8442d64..89922c0 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -65,6 +65,7 @@ properties_libutils_la_SOURCES = \
shared/nm-service-defines.h
properties_libutils_la_CPPFLAGS = \
+ -DPREFIX=\""$(prefix)"\" \
-DNETWORKMANAGER_COMPILATION=NM_NETWORKMANAGER_COMPILATION_LIB_BASE \
-DNM_PLUGIN_DIR=\"$(NM_PLUGIN_DIR)\" \
$(common_CFLAGS) \
diff --git a/man/nm-settings-libreswan.5.in b/man/nm-settings-libreswan.5.in
index 3c08d63..0188432 100644
--- a/man/nm-settings-libreswan.5.in
+++ b/man/nm-settings-libreswan.5.in
@@ -73,7 +73,7 @@ When the 'leftcert' key is defined a default value of "%cert" is assumed.
this defines the certificate nickname of your certificate in the NSS database.
The certificate should be already installed in the NSS database.
.TP
-.I "leftxauthusername"
+.I "leftxauthusername" or "leftusername"
the username to be used during XAUTH authentication. If not specified, the
current user will be implicitly assumed. Corresponds to the Libreswan parameter
of the same name.
diff --git a/properties/nm-libreswan-editor-plugin.c b/properties/nm-libreswan-editor-plugin.c
index d6b63f2..9a2399a 100644
--- a/properties/nm-libreswan-editor-plugin.c
+++ b/properties/nm-libreswan-editor-plugin.c
@@ -182,6 +182,8 @@ import_from_file (NMVpnEditorPlugin *self,
nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_RIGHT, &str[6]);
else if (g_str_has_prefix (str, "leftxauthusername="))
nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTXAUTHUSER, &str[18]);
+ else if (g_str_has_prefix (str, "leftusername="))
+ nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTUSERNAME, &str[13]);
else if (g_str_has_prefix (str, "leftcert="))
nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTCERT, &str[9]);
else if (g_str_has_prefix (str, "pfs=no"))
@@ -268,6 +270,8 @@ export_to_file (NMVpnEditorPlugin *self,
gboolean openswan = FALSE;
int fd, errsv;
gs_free_error GError *local = NULL;
+ gboolean is_openswan;
+ int version;
fd = g_open (path, O_WRONLY | O_CREAT, 0666);
if (fd == -1) {
@@ -281,7 +285,11 @@ export_to_file (NMVpnEditorPlugin *self,
if (s_vpn)
openswan = nm_streq (nm_setting_vpn_get_service_type (s_vpn), NM_VPN_SERVICE_TYPE_OPENSWAN);
+ nm_libreswan_detect_version (nm_libreswan_find_helper_bin ("ipsec", NULL),
+ &is_openswan, &version, NULL);
+
if (!nm_libreswan_config_write (fd,
+ version,
connection,
nm_connection_get_id (connection),
NULL,
diff --git a/properties/nm-libreswan-editor.c b/properties/nm-libreswan-editor.c
index 711570e..cdfbe15 100644
--- a/properties/nm-libreswan-editor.c
+++ b/properties/nm-libreswan-editor.c
@@ -278,6 +278,7 @@ get_widget (NMVpnEditor *iface)
/* Init the widget on the basis of its actual type.
* widget_name: the name of the widget
* key_name: the name of the key where the config value is stored
+ * alt_key_name:alternative name of the key
* match_value: used only for toggle_button and combo_box widgets; when matched
* in the former it will set the toggle button as active, in the latter
* will be used as a match for enabling the third index of possible values
@@ -288,6 +289,7 @@ init_widget (LibreswanEditor *self,
NMSettingVpn *s_vpn,
const char *widget_name,
const char *key_name,
+ const char *alt_key_name,
const char *match_value)
{
LibreswanEditorPrivate *priv = LIBRESWAN_EDITOR_GET_PRIVATE (self);
@@ -301,6 +303,8 @@ init_widget (LibreswanEditor *self,
gtk_size_group_add_widget (priv->group, GTK_WIDGET (widget));
if (s_vpn) {
value = nm_setting_vpn_get_data_item (s_vpn, key_name);
+ if (!value && alt_key_name)
+ value = nm_setting_vpn_get_data_item (s_vpn, alt_key_name);
if (value && *value) {
if (GTK_IS_ENTRY (widget)) {
gtk_entry_set_text (GTK_ENTRY (widget), value);
@@ -393,54 +397,57 @@ init_editor_plugin (LibreswanEditor *self,
(GCallback) show_toggled_cb,
self);
- widget_updated = init_widget (self, s_vpn, "gateway_entry", NM_LIBRESWAN_KEY_RIGHT, NULL);
+ widget_updated = init_widget (self, s_vpn, "gateway_entry", NM_LIBRESWAN_KEY_RIGHT, NULL, NULL);
g_return_val_if_fail (widget_updated, FALSE);
- widget_updated = init_widget (self, s_vpn, "user_entry", NM_LIBRESWAN_KEY_LEFTXAUTHUSER, NULL);
+ widget_updated = init_widget (self, s_vpn, "user_entry",
+ NM_LIBRESWAN_KEY_LEFTXAUTHUSER,
+ NM_LIBRESWAN_KEY_LEFTUSERNAME,
+ NULL);
g_return_val_if_fail (widget_updated, FALSE);
- widget_updated = init_widget (self, s_vpn, "group_entry", NM_LIBRESWAN_KEY_LEFTID, NULL);
+ widget_updated = init_widget (self, s_vpn, "group_entry", NM_LIBRESWAN_KEY_LEFTID, NULL, NULL);
g_return_val_if_fail (widget_updated, FALSE);
- widget_updated = init_widget (self, s_vpn, "cert_entry", NM_LIBRESWAN_KEY_LEFTCERT, NULL);
+ widget_updated = init_widget (self, s_vpn, "cert_entry", NM_LIBRESWAN_KEY_LEFTCERT, NULL, NULL);
g_return_val_if_fail (widget_updated, FALSE);
- widget_updated = init_widget (self, s_vpn, "remoteid_entry", NM_LIBRESWAN_KEY_RIGHTID, NULL);
+ widget_updated = init_widget (self, s_vpn, "remoteid_entry", NM_LIBRESWAN_KEY_RIGHTID, NULL, NULL);
g_return_val_if_fail (widget_updated, FALSE);
/* Advanced Dialog */
- widget_updated = init_widget (self, s_vpn, "domain_entry", NM_LIBRESWAN_KEY_DOMAIN, NULL);
+ widget_updated = init_widget (self, s_vpn, "domain_entry", NM_LIBRESWAN_KEY_DOMAIN, NULL, NULL);
g_return_val_if_fail (widget_updated, FALSE);
- widget_updated = init_widget (self, s_vpn, "phase1_entry", NM_LIBRESWAN_KEY_IKE, NULL);
+ widget_updated = init_widget (self, s_vpn, "phase1_entry", NM_LIBRESWAN_KEY_IKE, NULL, NULL);
g_return_val_if_fail (widget_updated, FALSE);
- widget_updated = init_widget (self, s_vpn, "phase2_entry", NM_LIBRESWAN_KEY_ESP, NULL);
+ widget_updated = init_widget (self, s_vpn, "phase2_entry", NM_LIBRESWAN_KEY_ESP, NULL, NULL);
g_return_val_if_fail (widget_updated, FALSE);
- widget_updated = init_widget (self, s_vpn, "phase1_lifetime_entry", NM_LIBRESWAN_KEY_IKELIFETIME,
NULL);
+ widget_updated = init_widget (self, s_vpn, "phase1_lifetime_entry", NM_LIBRESWAN_KEY_IKELIFETIME,
NULL, NULL);
g_return_val_if_fail (widget_updated, FALSE);
- widget_updated = init_widget (self, s_vpn, "phase2_lifetime_entry", NM_LIBRESWAN_KEY_SALIFETIME,
NULL);
+ widget_updated = init_widget (self, s_vpn, "phase2_lifetime_entry", NM_LIBRESWAN_KEY_SALIFETIME,
NULL, NULL);
g_return_val_if_fail (widget_updated, FALSE);
- widget_updated = init_widget (self, s_vpn, "rekey_checkbutton", NM_LIBRESWAN_KEY_REKEY, "no");
+ widget_updated = init_widget (self, s_vpn, "rekey_checkbutton", NM_LIBRESWAN_KEY_REKEY, NULL, "no");
g_return_val_if_fail (widget_updated, FALSE);
- widget_updated = init_widget (self, s_vpn, "pfs_checkbutton", NM_LIBRESWAN_KEY_PFS, "no");
+ widget_updated = init_widget (self, s_vpn, "pfs_checkbutton", NM_LIBRESWAN_KEY_PFS, NULL, "no");
g_return_val_if_fail (widget_updated, FALSE);
- widget_updated = init_widget (self, s_vpn, "remote_network_entry", NM_LIBRESWAN_KEY_REMOTENETWORK,
NULL);
+ widget_updated = init_widget (self, s_vpn, "remote_network_entry", NM_LIBRESWAN_KEY_REMOTENETWORK,
NULL, NULL);
g_return_val_if_fail (widget_updated, FALSE);
- widget_updated = init_widget (self, s_vpn, "narrowing_checkbutton", NM_LIBRESWAN_KEY_NARROWING,
"yes");
+ widget_updated = init_widget (self, s_vpn, "narrowing_checkbutton", NM_LIBRESWAN_KEY_NARROWING, NULL,
"yes");
g_return_val_if_fail (widget_updated, FALSE);
- widget_updated = init_widget (self, s_vpn, "fragmentation_combo", NM_LIBRESWAN_KEY_FRAGMENTATION,
"force");
+ widget_updated = init_widget (self, s_vpn, "fragmentation_combo", NM_LIBRESWAN_KEY_FRAGMENTATION,
NULL, "force");
g_return_val_if_fail (widget_updated, FALSE);
- widget_updated = init_widget (self, s_vpn, "mobike_combo", NM_LIBRESWAN_KEY_MOBIKE, NULL);
+ widget_updated = init_widget (self, s_vpn, "mobike_combo", NM_LIBRESWAN_KEY_MOBIKE, NULL, NULL);
g_return_val_if_fail (widget_updated, FALSE);
priv->advanced_dialog = GTK_WIDGET (gtk_builder_get_object (priv->builder,
"libreswan-advanced-dialog"));
@@ -550,6 +557,8 @@ update_connection (NMVpnEditor *iface,
nm_setting_vpn_add_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTID, str);
/* User name*/
+ nm_setting_vpn_remove_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTXAUTHUSER);
+ nm_setting_vpn_remove_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTUSERNAME);
widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user_entry"));
str = gtk_entry_get_text (GTK_ENTRY (widget));
if (str && *str)
diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h
index 1abd9ad..a01a00f 100644
--- a/shared/nm-service-defines.h
+++ b/shared/nm-service-defines.h
@@ -44,6 +44,7 @@
#define NM_LIBRESWAN_KEY_PSK_VALUE "pskvalue"
#define NM_LIBRESWAN_KEY_PSK_INPUT_MODES "pskinputmodes"
#define NM_LIBRESWAN_KEY_LEFTXAUTHUSER "leftxauthusername"
+#define NM_LIBRESWAN_KEY_LEFTUSERNAME "leftusername"
#define NM_LIBRESWAN_KEY_XAUTH_PASSWORD "xauthpassword"
#define NM_LIBRESWAN_KEY_XAUTH_PASSWORD_INPUT_MODES "xauthpasswordinputmodes"
#define NM_LIBRESWAN_KEY_DOMAIN "Domain"
diff --git a/shared/utils.c b/shared/utils.c
index 36af877..acb237f 100644
--- a/shared/utils.c
+++ b/shared/utils.c
@@ -89,6 +89,7 @@ write_config_option_newline (int fd,
gboolean
nm_libreswan_config_write (gint fd,
+ int ipsec_version,
NMConnection *connection,
const char *con_name,
const char *leftupdown_script,
@@ -217,12 +218,19 @@ nm_libreswan_config_write (gint fd,
default_username = nm_setting_vpn_get_user_name (s_vpn);
props_username = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTXAUTHUSER);
+ if (!props_username)
+ props_username = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_LEFTUSERNAME);
if (props_username && strlen (props_username))
- WRITE_CHECK (fd, debug_write_fcn, error, " leftxauthusername=%s", props_username);
+ WRITE_CHECK (fd, debug_write_fcn, error,
+ ipsec_version >= 4 ? " leftusername=%s" : " leftxauthusername=%s",
+ props_username);
else if (default_username && strlen (default_username))
- WRITE_CHECK (fd, debug_write_fcn, error, " leftxauthusername=%s", default_username);
+ WRITE_CHECK (fd, debug_write_fcn, error,
+ ipsec_version >= 4 ? " leftusername=%s" : " leftxauthusername=%s",
+ default_username);
- WRITE_CHECK (fd, debug_write_fcn, error, " remote_peer_type=cisco");
+ WRITE_CHECK (fd, debug_write_fcn, error,
+ ipsec_version >= 4 ? " remote-peer-type=cisco" : " remote_peer_type=cisco");
WRITE_CHECK (fd, debug_write_fcn, error, " rightxauthserver=yes");
}
@@ -295,3 +303,117 @@ nm_libreswan_config_write (gint fd,
return TRUE;
}
+
+static const char *
+_find_helper (const char *progname, const char **paths, GError **error)
+{
+ const char **iter = paths;
+ GString *tmp;
+ const char *ret = NULL;
+
+ if (error)
+ g_return_val_if_fail (*error == NULL, NULL);
+
+ tmp = g_string_sized_new (50);
+ for (iter = paths; iter && *iter; iter++) {
+ g_string_append_printf (tmp, "%s%s", *iter, progname);
+ if (g_file_test (tmp->str, G_FILE_TEST_EXISTS)) {
+ ret = g_intern_string (tmp->str);
+ break;
+ }
+ g_string_set_size (tmp, 0);
+ }
+ g_string_free (tmp, TRUE);
+
+ if (!ret) {
+ g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
+ "Could not find %s binary",
+ progname);
+ }
+ return ret;
+}
+
+const char *
+nm_libreswan_find_helper_bin (const char *progname, GError **error)
+{
+ static const char *paths[] = {
+ PREFIX "/sbin/",
+ PREFIX "/bin/",
+ "/sbin/",
+ "/usr/sbin/",
+ "/usr/local/sbin/",
+ "/usr/bin/",
+ "/usr/local/bin/",
+ NULL,
+ };
+
+ return _find_helper (progname, paths, error);
+}
+
+const char *
+nm_libreswan_find_helper_libexec (const char *progname, GError **error)
+{
+ static const char *paths[] = {
+ PREFIX "/libexec/ipsec/",
+ PREFIX "/lib/ipsec/",
+ "/usr/libexec/ipsec/",
+ "/usr/local/libexec/ipsec/",
+ "/usr/lib/ipsec/",
+ "/usr/local/lib/ipsec/",
+ NULL,
+ };
+
+ return _find_helper (progname, paths, error);
+}
+
+void
+nm_libreswan_detect_version (const char *path, gboolean *out_is_openswan, int *out_version, char
**out_banner)
+{
+ const char *argv[] = { path, "--version", NULL };
+ gs_free char *output = NULL;
+ const char* v;
+
+ g_return_if_fail (out_is_openswan);
+ g_return_if_fail (out_version);
+
+ *out_is_openswan = FALSE;
+ *out_version = -1;
+
+ if (!path)
+ return;
+
+ g_spawn_sync (NULL, (char **) argv, NULL, 0, NULL, NULL, &output, NULL, NULL, NULL);
+
+ /*
+ * Examples:
+ * Linux Openswan 2.4.5 (klips)
+ * Linux Libreswan 3.32 (netkey) on 5.8.11-200.fc32.x86_64+debug
+ * Linux Libreswan U4.2rc1/K(no kernel code presently loaded) on 5.6.15-300.fc32.x86_64
+ */
+
+ if (output) {
+ v = strcasestr (output, "Openswan");
+ if (v) {
+ v = v + strlen ("Openswan");
+ *out_is_openswan = TRUE;
+ }
+
+ if (!v) {
+ v = strcasestr (output, "Libreswan");
+ if (v)
+ v = v + strlen ("Libreswan");
+ }
+
+ if (v) {
+ while (g_ascii_isspace (*v))
+ v++;
+ if (*v == 'U')
+ v++;
+ if (g_ascii_isdigit (*v))
+ *out_version = *v - '0';
+ }
+
+ if (out_banner)
+ *out_banner = g_steal_pointer (&output);
+ }
+}
diff --git a/shared/utils.h b/shared/utils.h
index b5d8f53..7e89841 100644
--- a/shared/utils.h
+++ b/shared/utils.h
@@ -37,6 +37,7 @@ gboolean write_config_option_newline (int fd,
gboolean
nm_libreswan_config_write (gint fd,
+ int ipsec_version,
NMConnection *connection,
const char *con_name,
const char *leftupdown_script,
@@ -60,4 +61,13 @@ nm_libreswan_utils_setting_is_ikev2 (NMSettingVpn *s_vpn, const char **out_ikev2
NM_LIBRESWAN_IKEV2_INSIST);
}
+void
+nm_libreswan_detect_version (const char *path,
+ gboolean *out_is_openswan,
+ int *out_version,
+ char **out_banner);
+
+const char *nm_libreswan_find_helper_bin (const char *progname, GError **error);
+const char *nm_libreswan_find_helper_libexec (const char *progname, GError **error);
+
#endif /* __UTILS_H__ */
diff --git a/src/nm-libreswan-service.c b/src/nm-libreswan-service.c
index 47175dc..3541125 100644
--- a/src/nm-libreswan-service.c
+++ b/src/nm-libreswan-service.c
@@ -106,6 +106,7 @@ typedef struct {
gboolean pending_auth;
gboolean managed;
gboolean xauth_enabled;
+ int version;
GPid pid;
guint watch_id;
@@ -252,6 +253,7 @@ static ValidProperty valid_properties[] = {
{ NM_LIBRESWAN_KEY_LEFT, G_TYPE_STRING, 0, 0 },
{ NM_LIBRESWAN_KEY_LEFTID, G_TYPE_STRING, 0, 0 },
{ NM_LIBRESWAN_KEY_LEFTXAUTHUSER, G_TYPE_STRING, 0, 0 },
+ { NM_LIBRESWAN_KEY_LEFTUSERNAME, G_TYPE_STRING, 0, 0 },
{ NM_LIBRESWAN_KEY_LEFTRSASIGKEY, G_TYPE_STRING, 0, 0 },
{ NM_LIBRESWAN_KEY_LEFTCERT, G_TYPE_STRING, 0, 0 },
{ NM_LIBRESWAN_KEY_DOMAIN, G_TYPE_STRING, 0, 0 },
@@ -413,68 +415,6 @@ unblock_quit (NMLibreswanPlugin *self)
static gboolean connect_step (NMLibreswanPlugin *self, GError **error);
-static const char *
-_find_helper (const char *progname, const char **paths, GError **error)
-{
- const char **iter = paths;
- GString *tmp;
- const char *ret = NULL;
-
- if (error)
- g_return_val_if_fail (*error == NULL, NULL);
-
- tmp = g_string_sized_new (50);
- for (iter = paths; iter && *iter; iter++) {
- g_string_append_printf (tmp, "%s%s", *iter, progname);
- if (g_file_test (tmp->str, G_FILE_TEST_EXISTS)) {
- ret = g_intern_string (tmp->str);
- break;
- }
- g_string_set_size (tmp, 0);
- }
- g_string_free (tmp, TRUE);
-
- if (!ret) {
- g_set_error (error, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
- "Could not find %s binary",
- progname);
- }
- return ret;
-}
-
-static const char *
-find_helper_bin (const char *progname, GError **error)
-{
- static const char *paths[] = {
- PREFIX "/sbin/",
- PREFIX "/bin/",
- "/sbin/",
- "/usr/sbin/",
- "/usr/local/sbin/",
- "/usr/bin/",
- "/usr/local/bin/",
- NULL,
- };
-
- return _find_helper (progname, paths, error);
-}
-
-static const char *
-find_helper_libexec (const char *progname, GError **error)
-{
- static const char *paths[] = {
- PREFIX "/libexec/ipsec/",
- PREFIX "/lib/ipsec/",
- "/usr/libexec/ipsec/",
- "/usr/local/libexec/ipsec/",
- "/usr/lib/ipsec/",
- "/usr/local/lib/ipsec/",
- NULL,
- };
-
- return _find_helper (progname, paths, error);
-}
-
static void
connect_cleanup (NMLibreswanPlugin *self)
{
@@ -1578,7 +1518,7 @@ connect_step (NMLibreswanPlugin *self, GError **error)
if (!priv->openswan) {
const char *stackman_path;
- stackman_path = find_helper_libexec ("_stackmanager", error);
+ stackman_path = nm_libreswan_find_helper_libexec ("_stackmanager", error);
if (!stackman_path)
return FALSE;
@@ -1650,6 +1590,7 @@ connect_step (NMLibreswanPlugin *self, GError **error)
bus_name);
if (!nm_libreswan_config_write (fd,
+ priv->version,
priv->connection,
uuid,
ifupdown_script,
@@ -1695,20 +1636,6 @@ connect_step (NMLibreswanPlugin *self, GError **error)
g_assert_not_reached ();
}
-static gboolean
-is_openswan (const char *path)
-{
- const char *argv[] = { path, NULL };
- gboolean openswan = FALSE;
- char *output = NULL;
-
- if (g_spawn_sync (NULL, (char **) argv, NULL, 0, NULL, NULL, &output, NULL, NULL, NULL)) {
- openswan = output && strcasestr (output, " Openswan ");
- g_free (output);
- }
- return openswan;
-}
-
static gboolean
_connect_common (NMVpnServicePlugin *plugin,
NMConnection *connection,
@@ -1719,22 +1646,26 @@ _connect_common (NMVpnServicePlugin *plugin,
NMLibreswanPluginPrivate *priv = NM_LIBRESWAN_PLUGIN_GET_PRIVATE (self);
NMSettingVpn *s_vpn;
const char *con_name = nm_connection_get_uuid (connection);
+ gs_free char *ipsec_banner = NULL;
if (_LOGD_enabled ()) {
_LOGD ("connection:");
nm_connection_dump (connection);
}
- priv->ipsec_path = find_helper_bin ("ipsec", error);
+ priv->ipsec_path = nm_libreswan_find_helper_bin ("ipsec", error);
if (!priv->ipsec_path)
return FALSE;
- priv->openswan = is_openswan (priv->ipsec_path);
+ nm_libreswan_detect_version (priv->ipsec_path, &priv->openswan, &priv->version, &ipsec_banner);
+ _LOGD ("ipsec: version banner: %s", ipsec_banner);
+ _LOGD ("ipsec: detected version %d (%s)", priv->version, priv->openswan ? "Openswan" : "Libreswan");
+
if (!priv->openswan) {
- priv->pluto_path = find_helper_libexec ("pluto", error);
+ priv->pluto_path = nm_libreswan_find_helper_libexec ("pluto", error);
if (!priv->pluto_path)
return FALSE;
- priv->whack_path = find_helper_libexec ("whack", error);
+ priv->whack_path = nm_libreswan_find_helper_libexec ("whack", error);
if (!priv->whack_path)
return FALSE;
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
