author | Yves-Alexis Perez <corsac@debian.org> | 2016-10-20 16:18:38 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2016-10-20 16:18:38 +0200 |
commit | 25663e04c3ab01ef8dc9f906608282319cfea2db (patch) | |
tree | a0ca5e70f66d74dbe552c996a4f3a285cdfc35e4 /src/charon-nm/nm | |
parent | bf372706c469764d59e9f29c39e3ecbebd72b8d2 (diff) | |
download | vyos-strongswan-25663e04c3ab01ef8dc9f906608282319cfea2db.tar.gz vyos-strongswan-25663e04c3ab01ef8dc9f906608282319cfea2db.zip |
New upstream version 5.5.1
Diffstat (limited to 'src/charon-nm/nm')
-rw-r--r-- | src/charon-nm/nm/nm_service.c | 56 |
1 files changed, 19 insertions, 37 deletions
diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
index 5991c2465..571c0edba 100644
--- a/src/charon-nm/nm/nm_service.c
+++ b/src/charon-nm/nm/nm_service.c
@@ -23,7 +23,6 @@
 #include <utils/identification.h>
 #include <config/peer_cfg.h>
 #include <credentials/certificates/x509.h>
-#include <networking/tun_device.h>
 #include <stdio.h>
@@ -43,8 +42,6 @@ typedef struct {
 nm_creds_t *creds;
 /* attribute handler for DNS/NBNS server information */
 nm_handler_t *handler;
- /* dummy TUN device */
- tun_device_t *tun;
 /* name of the connection */
 char *name;
 } NMStrongswanPluginPrivate;
@@ -88,19 +85,18 @@ static void signal_ipv4_config(NMVPNPlugin *plugin,
 GValue *val;
 GHashTable *config;
 enumerator_t *enumerator;
- host_t *me;
+ host_t *me, *other;
 nm_handler_t *handler;
 config = g_hash_table_new(g_str_hash, g_str_equal);
 handler = priv->handler;
- /* NM requires a tundev, but netkey does not use one. Passing the physical
- * interface does not work, as NM fiddles around with it. So we pass a dummy
- * TUN device along for NM to play with... */
+ /* NM apparently requires to know the gateway */
 val = g_slice_new0 (GValue);
- g_value_init (val, G_TYPE_STRING);
- g_value_set_string (val, priv->tun->get_name(priv->tun));
- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val);
+ g_value_init (val, G_TYPE_UINT);
+ other = ike_sa->get_other_host(ike_sa);
+ g_value_set_uint (val, *(uint32_t*)other->get_address(other).ptr);
+ g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_EXT_GATEWAY, val);
 /* NM installs this IP address on the interface above, so we use the VIP if
 * we got one.
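Review bot: In the third hunk, `g_value_set_uint (val, *(uint32_t*)other->get_address(other).ptr)` reads the peer address through a `uint32_t` pointer with no check that the peer is IPv4; for an IPv6 peer the first four bytes of the 16-byte address would be handed to NM as the external gateway, and the cast also assumes 4-byte alignment of the chunk's `ptr`, which nothing in the hunk guarantees. A family check plus a `memcpy` avoids both: `uint32_t gw = 0;` / `if (other->get_family(other) == AF_INET) memcpy(&gw, other->get_address(other).ptr, sizeof(gw));` / `g_value_set_uint (val, gw);`. Whether an IPv6 IKE peer can reach this IPv4 config path is not visible here; if it can, NM would receive a silently wrong gateway rather than an error. signal_ipv4_config continues past the end of the hunk.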
@@ -336,12 +332,6 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 priv->name);
 DBG4(DBG_CFG, "%s", nm_setting_to_string(NM_SETTING(vpn)));
- if (!priv->tun)
- {
- g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
- "Failed to create dummy TUN device.");
- return FALSE;
- }
 address = nm_setting_vpn_get_data_item(vpn, "address");
 if (!address || !*address)
 {
@@ -406,7 +396,8 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 else
 {
 /* no certificate defined, fall back to system-wide CA certificates */
- priv->creds->load_ca_dir(priv->creds, NM_CA_DIR);
+ priv->creds->load_ca_dir(priv->creds, lib->settings->get_str(
+ lib->settings, "charon-nm.ca_dir", NM_CA_DIR));
 }
 if (!gateway)
 {
@@ -428,6 +419,16 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 {
 user = identification_create_from_string((char*)str);
 str = nm_setting_vpn_get_secret(vpn, "password");
+ if (auth_class == AUTH_CLASS_PSK &&
+ strlen(str) < 20)
+ {
+ g_set_error(err, NM_VPN_PLUGIN_ERROR,
+ NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+ "pre-shared key is too short.");
+ gateway->destroy(gateway);
+ user->destroy(user);
+ return FALSE;
+ }
 priv->creds->set_username_password(priv->creds, user, (char*)str);
 }
 }
@@ -538,7 +539,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 ike_cfg = ike_cfg_create(IKEV2, TRUE, encap, "0.0.0.0",
 charon->socket->get_port(charon->socket, FALSE),
 (char*)address, IKEV2_UDP_PORT,
- FRAGMENTATION_NO, 0);
+ FRAGMENTATION_YES, 0);
 ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
 ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
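Review bot: In the third hunk, `strlen(str) < 20` is evaluated on the value returned by `nm_setting_vpn_get_secret(vpn, "password")` without a NULL check, so a PSK connection whose password secret is absent would call `strlen(NULL)`, which is undefined behaviour, instead of reaching the new error path; the pre-existing code only passed `str` through to `set_username_password`, which may tolerate NULL. Treating a missing secret like a too-short one keeps the intended rejection: `if (auth_class == AUTH_CLASS_PSK && (!str || strlen(str) < 20))`. Whether `need_secrets` guarantees the secret is present before `connect_` runs is not visible here, so this is a defensive check at the point of use. connect_ starts and ends outside the hunk.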
@@ -722,28 +723,10 @@ static void nm_strongswan_plugin_init(NMStrongswanPlugin *plugin)
 memset(&priv->listener, 0, sizeof(listener_t));
 priv->listener.child_updown = child_updown;
 priv->listener.ike_rekey = ike_rekey;
- priv->tun = tun_device_create(NULL);
 priv->name = NULL;
 }
 /**
- * Destructor
- */
-static void nm_strongswan_plugin_dispose(GObject *obj)
-{
- NMStrongswanPlugin *plugin;
- NMStrongswanPluginPrivate *priv;
-
- plugin = NM_STRONGSWAN_PLUGIN(obj);
- priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin);
- if (priv->tun)
- {
- priv->tun->destroy(priv->tun);
- priv->tun = NULL;
- }
-}
-
-/**
 * Class constructor
 */
 static void nm_strongswan_plugin_class_init(
@@ -756,7 +739,6 @@ static void nm_strongswan_plugin_class_init(
 parent_class->connect = connect_;
 parent_class->need_secrets = need_secrets;
 parent_class->disconnect = disconnect;
- G_OBJECT_CLASS(strongswan_class)->dispose = nm_strongswan_plugin_dispose;
 }
 /** |