summaryrefslogtreecommitdiff
path: root/src/charon/plugins/nm
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2009-03-22 10:06:21 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2009-03-22 10:06:21 +0000
commit7b88a5ce44f52abb13390c6c105bdd58a590a626 (patch)
treeabfb7e16a76d3d65af2c809c949b747a874e33fd /src/charon/plugins/nm
parent3c810543672b76a7c9b871420866f822f8b067d8 (diff)
downloadvyos-strongswan-7b88a5ce44f52abb13390c6c105bdd58a590a626.tar.gz
vyos-strongswan-7b88a5ce44f52abb13390c6c105bdd58a590a626.zip
- New upstream version.
Diffstat (limited to 'src/charon/plugins/nm')
-rw-r--r--src/charon/plugins/nm/nm_service.c80
1 files changed, 50 insertions, 30 deletions
diff --git a/src/charon/plugins/nm/nm_service.c b/src/charon/plugins/nm/nm_service.c
index 1f2b6f723..72744b784 100644
--- a/src/charon/plugins/nm/nm_service.c
+++ b/src/charon/plugins/nm/nm_service.c
@@ -83,8 +83,8 @@ static void signal_ipv4_config(NMVPNPlugin *plugin,
*/
static void signal_failure(NMVPNPlugin *plugin)
{
- /* TODO: NM does not handle this failure!?
- nm_vpn_plugin_failure(plugin, NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED); */
+ /* TODO: NM does not handle this failure!? */
+ nm_vpn_plugin_failure(plugin, NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED);
nm_vpn_plugin_set_state(plugin, NM_VPN_SERVICE_STATE_STOPPED);
}
@@ -144,7 +144,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
nm_creds_t *creds;
NMSettingVPN *settings;
identification_t *user = NULL, *gateway;
- char *address, *str;
+ const char *address, *str;
bool virtual, encap, ipcomp;
ike_cfg_t *ike_cfg;
peer_cfg_t *peer_cfg;
@@ -164,20 +164,20 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
DBG4(DBG_CFG, "received NetworkManager connection: %s",
nm_setting_to_string(NM_SETTING(settings)));
- address = g_hash_table_lookup(settings->data, "address");
+ address = nm_setting_vpn_get_data_item(settings, "address");
if (!address || !*address)
{
g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
"Gateway address missing.");
return FALSE;
}
- str = g_hash_table_lookup(settings->data, "virtual");
+ str = nm_setting_vpn_get_data_item(settings, "virtual");
virtual = str && streq(str, "yes");
- str = g_hash_table_lookup(settings->data, "encap");
+ str = nm_setting_vpn_get_data_item(settings, "encap");
encap = str && streq(str, "yes");
- str = g_hash_table_lookup(settings->data, "ipcomp");
+ str = nm_setting_vpn_get_data_item(settings, "ipcomp");
ipcomp = str && streq(str, "yes");
- str = g_hash_table_lookup(settings->data, "method");
+ str = nm_setting_vpn_get_data_item(settings, "method");
if (str)
{
if (streq(str, "psk"))
@@ -202,7 +202,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
creds->clear(creds);
/* gateway cert */
- str = g_hash_table_lookup(settings->data, "certificate");
+ str = nm_setting_vpn_get_data_item(settings, "certificate");
if (str)
{
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
@@ -220,20 +220,20 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
if (auth_class == AUTH_CLASS_EAP)
{
/* username/password authentication ... */
- str = g_hash_table_lookup(settings->data, "user");
+ str = nm_setting_vpn_get_data_item(settings, "user");
if (str)
{
user = identification_create_from_encoding(ID_KEY_ID,
chunk_create(str, strlen(str)));
- str = g_hash_table_lookup(settings->secrets, "password");
- creds->set_username_password(creds, user, str);
+ str = nm_setting_vpn_get_secret(settings, "password");
+ creds->set_username_password(creds, user, (char*)str);
}
}
if (auth_class == AUTH_CLASS_PUBKEY)
{
/* ... or certificate/private key authenitcation */
- str = g_hash_table_lookup(settings->data, "usercert");
+ str = nm_setting_vpn_get_data_item(settings, "usercert");
if (str)
{
public_key_t *public;
@@ -241,10 +241,16 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
BUILD_FROM_FILE, str, BUILD_END);
-
+ if (!cert)
+ {
+ g_set_error(err, NM_VPN_PLUGIN_ERROR,
+ NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+ "Loading peer certificate failed.");
+ return FALSE;
+ }
/* try agent */
- str = g_hash_table_lookup(settings->secrets, "agent");
- if (agent && str && cert)
+ str = nm_setting_vpn_get_secret(settings, "agent");
+ if (agent && str)
{
public = cert->get_public_key(cert);
if (public)
@@ -256,25 +262,38 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
BUILD_END);
public->destroy(public);
}
+ if (!private)
+ {
+ g_set_error(err, NM_VPN_PLUGIN_ERROR,
+ NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+ "Connecting to SSH agent failed.");
+ }
}
/* ... or key file */
- str = g_hash_table_lookup(settings->data, "userkey");
- if (!agent && str && cert)
+ str = nm_setting_vpn_get_data_item(settings, "userkey");
+ if (!agent && str)
{
chunk_t secret, chunk;
bool pgp = FALSE;
- secret.ptr = g_hash_table_lookup(settings->secrets, "password");
+ secret.ptr = (char*)nm_setting_vpn_get_secret(settings,
+ "password");
if (secret.ptr)
{
secret.len = strlen(secret.ptr);
}
- if (pem_asn1_load_file(str, &secret, &chunk, &pgp))
+ if (pem_asn1_load_file((char*)str, &secret, &chunk, &pgp))
{
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
KEY_RSA, BUILD_BLOB_ASN1_DER, chunk, BUILD_END);
free(chunk.ptr);
}
+ if (!private)
+ {
+ g_set_error(err, NM_VPN_PLUGIN_ERROR,
+ NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+ "Loading private key failed.");
+ }
}
if (private)
{
@@ -285,8 +304,6 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
else
{
DESTROY_IF(cert);
- g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
- "Loading user certificate/private key failed.");
return FALSE;
}
}
@@ -302,7 +319,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
/**
* Set up configurations
*/
- ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", address);
+ ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", (char*)address);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
peer_cfg = peer_cfg_create(CONFIG_NAME, 2, ike_cfg,
user, gateway->clone(gateway),
@@ -367,40 +384,40 @@ static gboolean need_secrets(NMVPNPlugin *plugin, NMConnection *connection,
char **setting_name, GError **error)
{
NMSettingVPN *settings;
- char *method, *path;
+ const char *method, *path;
chunk_t secret = chunk_empty, key;
bool pgp = FALSE;
settings = NM_SETTING_VPN(nm_connection_get_setting(connection,
NM_TYPE_SETTING_VPN));
- method = g_hash_table_lookup(settings->data, "method");
+ method = nm_setting_vpn_get_data_item(settings, "method");
if (method)
{
if (streq(method, "eap"))
{
- if (g_hash_table_lookup(settings->secrets, "password"))
+ if (nm_setting_vpn_get_secret(settings, "password"))
{
return FALSE;
}
}
else if (streq(method, "agent"))
{
- if (g_hash_table_lookup(settings->secrets, "agent"))
+ if (nm_setting_vpn_get_secret(settings, "agent"))
{
return FALSE;
}
}
else if (streq(method, "key"))
{
- path = g_hash_table_lookup(settings->data, "userkey");
+ path = nm_setting_vpn_get_data_item(settings, "userkey");
if (path)
{
- secret.ptr = g_hash_table_lookup(settings->secrets, "password");
+ secret.ptr = (char*)nm_setting_vpn_get_secret(settings, "password");
if (secret.ptr)
{
secret.len = strlen(secret.ptr);
}
- if (pem_asn1_load_file(path, &secret, &key, &pgp))
+ if (pem_asn1_load_file((char*)path, &secret, &key, &pgp))
{
free(key.ptr);
return FALSE;
@@ -434,6 +451,9 @@ static gboolean disconnect(NMVPNPlugin *plugin, GError **err)
}
}
enumerator->destroy(enumerator);
+
+ g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_GENERAL,
+ "Connection not found.");
return FALSE;
}