author | Yves-Alexis Perez <corsac@debian.org> | 2014-03-11 20:48:48 +0100 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2014-03-11 20:48:48 +0100 |
commit | 15fb7904f4431a6e7c305fd08732458f7f885e7e (patch) | |
tree | c93b60ee813af70509f00f34e29ebec311762427 /src/charon-nm/nm | |
parent | 5313d2d78ca150515f7f5eb39801c100690b6b29 (diff) | |
Imported Upstream version 5.1.2
Diffstat (limited to 'src/charon-nm/nm')
-rw-r--r-- | src/charon-nm/nm/nm_backend.c | 12 | ||||
-rw-r--r-- | src/charon-nm/nm/nm_service.c | 16 |
2 files changed, 12 insertions, 16 deletions
diff --git a/src/charon-nm/nm/nm_backend.c b/src/charon-nm/nm/nm_backend.c index f474dad60..ebebde2c0 100644 --- a/src/charon-nm/nm/nm_backend.c +++ b/src/charon-nm/nm/nm_backend.c @@ -22,10 +22,6 @@ #include <daemon.h> #include <processing/jobs/callback_job.h> -#ifndef CAP_DAC_OVERRIDE -#define CAP_DAC_OVERRIDE 1 -#endif - typedef struct nm_backend_t nm_backend_t; /** @@ -143,14 +139,6 @@ static bool nm_backend_init() return FALSE; } - /* bypass file permissions to read from users ssh-agent */ - if (!lib->caps->keep(lib->caps, CAP_DAC_OVERRIDE)) - { - DBG1(DBG_CFG, "NM backend requires CAP_DAC_OVERRIDE capability"); - nm_backend_deinit(); - return FALSE; - } - lib->processor->queue_job(lib->processor, (job_t*)callback_job_create_with_prio((callback_job_cb_t)run, this, NULL, (callback_job_cancel_t)cancel, JOB_PRIO_CRITICAL)); diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c index f37367532..f0daff61e 100644 --- a/src/charon-nm/nm/nm_service.c +++ b/src/charon-nm/nm/nm_service.c @@ -412,9 +412,10 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, loose_gateway_id = TRUE; } - if (auth_class == AUTH_CLASS_EAP) + if (auth_class == AUTH_CLASS_EAP || + auth_class == AUTH_CLASS_PSK) { - /* username/password authentication ... */ + /* username/password or PSK authentication ... */ str = nm_setting_vpn_get_data_item(vpn, "user"); if (str) { 
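Review bot: In the `connect_` hunk of nm_service.c (`@@ -412,9 +412,10 @@`), widening the branch to `auth_class == AUTH_CLASS_PSK` appears to reuse the stored "password" secret as the IKE pre-shared key, and no length or strength check on that value is visible. The same gap shows in the `need_secrets` hunk further down, which only tests that the secret exists. A short, human-chosen pre-shared key is exposed to offline guessing, so the PSK path should reject weak values before the credential is loaded, for example `if (auth_class == AUTH_CLASS_PSK && strlen(str) < MIN_PSK_LEN) { /* set error, return FALSE */ }`, where `MIN_PSK_LEN` is a placeholder for the minimum the project chooses. The body of this `if` continues past the end of the hunk, so confirm that no such check already exists where the password is read.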
@@ -548,7 +549,14 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 auth->add(auth, AUTH_RULE_IDENTITY, user);
 peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
 auth = auth_cfg_create();
- auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ if (auth_class == AUTH_CLASS_PSK)
+ {
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
+ }
+ else
+ {
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ }
 auth->add(auth, AUTH_RULE_IDENTITY, gateway);
 auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, loose_gateway_id);
 peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
@@ -623,7 +631,7 @@ static gboolean need_secrets(NMVPNPlugin *plugin, NMConnection *connection,
 method = nm_setting_vpn_get_data_item(settings, "method");
 if (method)
 {
- if (streq(method, "eap"))
+ if (streq(method, "eap") || streq(method, "psk"))
 {
 if (nm_setting_vpn_get_secret(settings, "password"))
 { |
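Review bot: The new `if`/`else` on the gateway's auth round in `connect_` (`@@ -548,7 +549,14 @@`) should carry a comment, because it changes what authenticates the server. In PSK mode the gateway is accepted on knowledge of the shared secret alone, so anyone who holds that secret can present itself as the gateway. Suggested comment above the branch: `/* PSK: gateway authenticates with the shared secret; every other method requires public-key authentication of the gateway */`. The two arms differ only in the last argument, so `auth->add(auth, AUTH_RULE_AUTH_CLASS, auth_class == AUTH_CLASS_PSK ? AUTH_CLASS_PSK : AUTH_CLASS_PUBKEY);` would state the same in one line. `connect_` begins and ends outside the hunk.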