diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2016-07-16 15:19:53 +0200 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2016-07-16 15:19:53 +0200 |
| commit | bf372706c469764d59e9f29c39e3ecbebd72b8d2 (patch) | |
| tree | 0f0e296e2d50e4a7faf99ae6fa428d2681e81ea1 /src/charon-nm | |
| parent | 518dd33c94e041db0444c7d1f33da363bb8e3faf (diff) | |
| download | vyos-strongswan-bf372706c469764d59e9f29c39e3ecbebd72b8d2.tar.gz vyos-strongswan-bf372706c469764d59e9f29c39e3ecbebd72b8d2.zip | |
Imported Upstream version 5.5.0
Diffstat (limited to 'src/charon-nm')
| -rw-r--r-- | src/charon-nm/Makefile.am | 2 | ||||
| -rw-r--r-- | src/charon-nm/Makefile.in | 31 | ||||
| -rw-r--r-- | src/charon-nm/nm/nm_service.c | 84 |
3 files changed, 66 insertions, 51 deletions
diff --git a/src/charon-nm/Makefile.am b/src/charon-nm/Makefile.am index b6f0c8b54..6ab7f27c5 100644 --- a/src/charon-nm/Makefile.am +++ b/src/charon-nm/Makefile.am @@ -21,4 +21,4 @@ AM_CFLAGS = \ charon_nm_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - -lm $(PTHREADLIB) $(DLLIB) ${nm_LIBS} + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) ${nm_LIBS} diff --git a/src/charon-nm/Makefile.in b/src/charon-nm/Makefile.in index 490a08023..715412ad2 100644 --- a/src/charon-nm/Makefile.in +++ b/src/charon-nm/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = charon-nm$(EXEEXT) subdir = src/charon-nm -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -111,7 +120,7 @@ charon_nm_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent @@ -176,12 +185,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -231,6 +242,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -265,6 +277,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -376,6 +389,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -425,7 +439,7 @@ AM_CFLAGS = \ charon_nm_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - -lm $(PTHREADLIB) $(DLLIB) ${nm_LIBS} + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) ${nm_LIBS} all: all-am @@ -443,7 +457,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon-nm/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/charon-nm/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -779,6 +792,8 @@ uninstall-am: uninstall-ipsecPROGRAMS mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c index fc7e89958..5991c2465 100644 --- a/src/charon-nm/nm/nm_service.c +++ b/src/charon-nm/nm/nm_service.c @@ -68,7 +68,7 @@ static GValue* handler_to_val(nm_handler_t *handler, array = g_array_new (FALSE, TRUE, sizeof (guint32)); while (enumerator->enumerate(enumerator, &chunk)) { - g_array_append_val (array, *(u_int32_t*)chunk.ptr); + g_array_append_val (array, *(uint32_t*)chunk.ptr); } enumerator->destroy(enumerator); val = g_slice_new0 (GValue); @@ -113,7 +113,7 @@ static void signal_ipv4_config(NMVPNPlugin *plugin, enumerator->destroy(enumerator); val = g_slice_new0(GValue); g_value_init(val, G_TYPE_UINT); - g_value_set_uint(val, *(u_int32_t*)me->get_address(me).ptr); + g_value_set_uint(val, *(uint32_t*)me->get_address(me).ptr); g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS, val); val = g_slice_new0(GValue); @@ -289,7 +289,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, NMSettingVPN *vpn; identification_t *user = NULL, *gateway = NULL; const char *address, *str; - bool virtual, encap, ipcomp; + bool virtual, encap; ike_cfg_t *ike_cfg; peer_cfg_t *peer_cfg; child_cfg_t *child_cfg; @@ -300,12 +300,23 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, certificate_t *cert = NULL; x509_t *x509; bool agent = FALSE, smartcard = FALSE, loose_gateway_id = FALSE; - lifetime_cfg_t lifetime = { - .time = { - .life = 10800 /* 3h */, - .rekey = 10200 /* 2h50min */, - .jitter = 300 /* 5min */ - } + peer_cfg_create_t peer = { + .cert_policy = CERT_SEND_IF_ASKED, + .unique = UNIQUE_REPLACE, + .keyingtries = 1, + .rekey_time = 36000, /* 10h */ + .jitter_time = 600, /* 10min */ + .over_time = 600, /* 10min */ + }; + child_cfg_create_t child = { + .lifetime = { + .time = { + .life = 10800 /* 3h */, + .rekey = 10200 /* 2h50min */, + .jitter = 300 /* 5min */ + }, + }, + .mode = MODE_TUNNEL, }; /** @@ -339,32 +350,29 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, return FALSE; } str = nm_setting_vpn_get_data_item(vpn, "virtual"); - virtual = str && streq(str, "yes"); + virtual = streq(str, "yes"); str = nm_setting_vpn_get_data_item(vpn, "encap"); - encap = str && streq(str, "yes"); + encap = streq(str, "yes"); str = nm_setting_vpn_get_data_item(vpn, "ipcomp"); - ipcomp = str && streq(str, "yes"); + child.ipcomp = streq(str, "yes"); str = nm_setting_vpn_get_data_item(vpn, "method"); - if (str) + if (streq(str, "psk")) { - if (streq(str, "psk")) - { - auth_class = AUTH_CLASS_PSK; - } - else if (streq(str, "agent")) - { - auth_class = AUTH_CLASS_PUBKEY; - agent = TRUE; - } - else if (streq(str, "key")) - { - auth_class = AUTH_CLASS_PUBKEY; - } - else if (streq(str, "smartcard")) - { - auth_class = AUTH_CLASS_PUBKEY; - smartcard = TRUE; - } + auth_class = AUTH_CLASS_PSK; + } + else if (streq(str, "agent")) + { + auth_class = AUTH_CLASS_PUBKEY; + agent = TRUE; + } + else if (streq(str, "key")) + { + auth_class = AUTH_CLASS_PUBKEY; + } + else if (streq(str, "smartcard")) + { + auth_class = AUTH_CLASS_PUBKEY; + smartcard = TRUE; } /** @@ -533,13 +541,8 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, FRAGMENTATION_NO, 0); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE)); - peer_cfg = peer_cfg_create(priv->name, ike_cfg, - CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */ - 36000, 0, /* rekey 10h, reauth none */ - 600, 600, /* jitter, over 10min */ - TRUE, FALSE, TRUE, /* mobike, aggressive, pull */ - 0, 0, /* DPD delay, timeout */ - FALSE, NULL, NULL); /* mediation */ + + peer_cfg = peer_cfg_create(priv->name, ike_cfg, &peer); if (virtual) { peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0)); @@ -561,10 +564,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, loose_gateway_id); peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); - child_cfg = child_cfg_create(priv->name, &lifetime, - NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */ - ACTION_NONE, ACTION_NONE, ACTION_NONE, ipcomp, - 0, 0, NULL, NULL, 0); + child_cfg = child_cfg_create(priv->name, &child); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP)); ts = traffic_selector_create_dynamic(0, 0, 65535); |