authorYves-Alexis Perez <corsac@debian.org>2016-10-20 16:18:38 +0200
committerYves-Alexis Perez <corsac@debian.org>2016-10-20 16:18:38 +0200
commit25663e04c3ab01ef8dc9f906608282319cfea2db (patch)
treea0ca5e70f66d74dbe552c996a4f3a285cdfc35e4 /src/charon-nm/nm
parentbf372706c469764d59e9f29c39e3ecbebd72b8d2 (diff)
New upstream version 5.5.1
Diffstat (limited to 'src/charon-nm/nm')
-rw-r--r--src/charon-nm/nm/nm_service.c56
1 files changed, 19 insertions, 37 deletions
diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
index 5991c2465..571c0edba 100644
--- a/src/charon-nm/nm/nm_service.c
+++ b/src/charon-nm/nm/nm_service.c
@@ -23,7 +23,6 @@
#include <utils/identification.h>
#include <config/peer_cfg.h>
#include <credentials/certificates/x509.h>
-#include <networking/tun_device.h>
#include <stdio.h>
@@ -43,8 +42,6 @@ typedef struct {
nm_creds_t *creds;
/* attribute handler for DNS/NBNS server information */
nm_handler_t *handler;
- /* dummy TUN device */
- tun_device_t *tun;
/* name of the connection */
char *name;
} NMStrongswanPluginPrivate;
@@ -88,19 +85,18 @@ static void signal_ipv4_config(NMVPNPlugin *plugin,
GValue *val;
GHashTable *config;
enumerator_t *enumerator;
- host_t *me;
+ host_t *me, *other;
nm_handler_t *handler;
config = g_hash_table_new(g_str_hash, g_str_equal);
handler = priv->handler;
- /* NM requires a tundev, but netkey does not use one. Passing the physical
- * interface does not work, as NM fiddles around with it. So we pass a dummy
- * TUN device along for NM to play with... */
+ /* NM apparently requires to know the gateway */
val = g_slice_new0 (GValue);
- g_value_init (val, G_TYPE_STRING);
- g_value_set_string (val, priv->tun->get_name(priv->tun));
- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val);
+ g_value_init (val, G_TYPE_UINT);
+ other = ike_sa->get_other_host(ike_sa);
+ g_value_set_uint (val, *(uint32_t*)other->get_address(other).ptr);
+ g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_EXT_GATEWAY, val);
/* NM installs this IP address on the interface above, so we use the VIP if
* we got one.
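Review bot: The new gateway line `*(uint32_t*)other->get_address(other).ptr` reads the first four bytes of whatever address the IKE SA's remote host has, with no check of its family; if the remote host is IPv6 this silently reports a bogus IPv4 gateway to NetworkManager, and the pointer cast also relies on the chunk being suitably aligned. A guard such as `if (other->get_family(other) == AF_INET)` before the cast, with the four bytes fetched by `memcpy(&gw, other->get_address(other).ptr, sizeof(gw));` into a local `uint32_t gw`, would keep the IPv4-only contract explicit and avoid the aliasing cast. How the function should behave when the gateway is not IPv4 (skip the key, or fail the config) is not decided by this hunk and deserves a comment either way. signal_ipv4_config begins and ends outside the hunk.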
@@ -336,12 +332,6 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
priv->name);
DBG4(DBG_CFG, "%s",
nm_setting_to_string(NM_SETTING(vpn)));
- if (!priv->tun)
- {
- g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
- "Failed to create dummy TUN device.");
- return FALSE;
- }
address = nm_setting_vpn_get_data_item(vpn, "address");
if (!address || !*address)
{
@@ -406,7 +396,8 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
else
{
/* no certificate defined, fall back to system-wide CA certificates */
- priv->creds->load_ca_dir(priv->creds, NM_CA_DIR);
+ priv->creds->load_ca_dir(priv->creds, lib->settings->get_str(
+ lib->settings, "charon-nm.ca_dir", NM_CA_DIR));
}
if (!gateway)
{
@@ -428,6 +419,16 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
{
user = identification_create_from_string((char*)str);
str = nm_setting_vpn_get_secret(vpn, "password");
+ if (auth_class == AUTH_CLASS_PSK &&
+ strlen(str) < 20)
+ {
+ g_set_error(err, NM_VPN_PLUGIN_ERROR,
+ NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+ "pre-shared key is too short.");
+ gateway->destroy(gateway);
+ user->destroy(user);
+ return FALSE;
+ }
priv->creds->set_username_password(priv->creds, user, (char*)str);
}
}
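Review bot: The added PSK length check calls `strlen(str)` on the value just returned by `nm_setting_vpn_get_secret(vpn, "password")`, which is NULL when no password secret is stored, so a PSK connection without a stored secret now dereferences NULL before the existing `set_username_password` call is reached. The condition should treat a missing secret the same as a short one, e.g. `if (auth_class == AUTH_CLASS_PSK && (!str || strlen(str) < 20))`, and the literal 20 would read better as a named constant with a comment on why that minimum was chosen. connect_ starts and ends outside the hunk.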
@@ -538,7 +539,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
ike_cfg = ike_cfg_create(IKEV2, TRUE, encap, "0.0.0.0",
charon->socket->get_port(charon->socket, FALSE),
(char*)address, IKEV2_UDP_PORT,
- FRAGMENTATION_NO, 0);
+ FRAGMENTATION_YES, 0);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
@@ -722,28 +723,10 @@ static void nm_strongswan_plugin_init(NMStrongswanPlugin *plugin)
memset(&priv->listener, 0, sizeof(listener_t));
priv->listener.child_updown = child_updown;
priv->listener.ike_rekey = ike_rekey;
- priv->tun = tun_device_create(NULL);
priv->name = NULL;
}
/**
- * Destructor
- */
-static void nm_strongswan_plugin_dispose(GObject *obj)
-{
- NMStrongswanPlugin *plugin;
- NMStrongswanPluginPrivate *priv;
-
- plugin = NM_STRONGSWAN_PLUGIN(obj);
- priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin);
- if (priv->tun)
- {
- priv->tun->destroy(priv->tun);
- priv->tun = NULL;
- }
-}
-
-/**
* Class constructor
*/
static void nm_strongswan_plugin_class_init(
@@ -756,7 +739,6 @@ static void nm_strongswan_plugin_class_init(
parent_class->connect = connect_;
parent_class->need_secrets = need_secrets;
parent_class->disconnect = disconnect;
- G_OBJECT_CLASS(strongswan_class)->dispose = nm_strongswan_plugin_dispose;
}
/**