Diffstat (limited to 'src/charon-nm')
-rw-r--r--src/charon-nm/Makefile.in35
-rw-r--r--src/charon-nm/nm/nm_backend.c4
-rw-r--r--src/charon-nm/nm/nm_service.c64
-rw-r--r--src/charon-nm/nm/nm_service.h6
4 files changed, 93 insertions, 16 deletions
diff --git a/src/charon-nm/Makefile.in b/src/charon-nm/Makefile.in
index 8416455ae..b5c4e3f45 100644
--- a/src/charon-nm/Makefile.in
+++ b/src/charon-nm/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.11.3 from Makefile.am.
+# Makefile.in generated by automake 1.11.6 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -16,6 +16,23 @@
@SET_MAKE@
VPATH = @srcdir@
+am__make_dryrun = \
+ { \
+ am__dry=no; \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
+ | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
+ *) \
+ for am__flg in $$MAKEFLAGS; do \
+ case $$am__flg in \
+ *=*|--*) ;; \
+ *n*) am__dry=yes; break;; \
+ esac; \
+ done;; \
+ esac; \
+ test $$am__dry = yes; \
+ }
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
@@ -80,6 +97,11 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
$(LDFLAGS) -o $@
SOURCES = $(charon_nm_SOURCES)
DIST_SOURCES = $(charon_nm_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
@@ -96,6 +118,8 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
+CHECK_CFLAGS = @CHECK_CFLAGS@
+CHECK_LIBS = @CHECK_LIBS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
@@ -112,6 +136,7 @@ EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
GREP = @GREP@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
@@ -180,8 +205,6 @@ am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
-axis2c_CFLAGS = @axis2c_CFLAGS@
-axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -237,7 +260,6 @@ nm_ca_dir = @nm_ca_dir@
nm_plugins = @nm_plugins@
oldincludedir = @oldincludedir@
openac_plugins = @openac_plugins@
-p_plugins = @p_plugins@
pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
@@ -332,8 +354,11 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps)
$(am__aclocal_m4_deps):
install-ipsecPROGRAMS: $(ipsec_PROGRAMS)
@$(NORMAL_INSTALL)
- test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)"
@list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(ipsecdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" || exit 1; \
+ fi; \
for p in $$list; do echo "$$p $$p"; done | \
sed 's/$(EXEEXT)$$//' | \
while read p p1; do if test -f $$p || test -f $$p1; \
diff --git a/src/charon-nm/nm/nm_backend.c b/src/charon-nm/nm/nm_backend.c
index 5bb2ed930..c18bf992a 100644
--- a/src/charon-nm/nm/nm_backend.c
+++ b/src/charon-nm/nm/nm_backend.c
@@ -173,6 +173,10 @@ void nm_backend_register()
PLUGIN_CALLBACK((plugin_feature_callback_t)nm_backend_cb, NULL),
PLUGIN_PROVIDE(CUSTOM, "NetworkManager backend"),
PLUGIN_DEPENDS(CUSTOM, "libcharon"),
+ PLUGIN_SDEPEND(PRIVKEY, KEY_RSA),
+ PLUGIN_SDEPEND(PRIVKEY, KEY_ECDSA),
+ PLUGIN_SDEPEND(CERT_DECODE, CERT_ANY),
+ PLUGIN_SDEPEND(CERT_DECODE, CERT_X509),
};
lib->plugins->add_static_features(lib->plugins, "nm-backend", features,
countof(features), TRUE);
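Review bot: The four PLUGIN_SDEPEND entries added at L112-L115 have no comment saying why the NetworkManager backend soft-depends on RSA/ECDSA private-key and X.509 certificate decoding, so a reader has to infer that they exist to get those parser plugins loaded before this backend starts using credentials (presumably via nm_creds, which is not part of this diff). I would add above the first entry `/* soft deps: have key/cert parsers loaded before we load user credentials */`. The features array and nm_backend_register() begin before the hunk.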
diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
index eb187496d..901abd348 100644
--- a/src/charon-nm/nm/nm_service.c
+++ b/src/charon-nm/nm/nm_service.c
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2013 Tobias Brunner
* Copyright (C) 2008-2009 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -22,6 +23,7 @@
#include <utils/identification.h>
#include <config/peer_cfg.h>
#include <credentials/certificates/x509.h>
+#include <networking/tun_device.h>
#include <stdio.h>
@@ -41,6 +43,8 @@ typedef struct {
nm_creds_t *creds;
/* attribute handler for DNS/NBNS server information */
nm_handler_t *handler;
+ /* dummy TUN device */
+ tun_device_t *tun;
/* name of the connection */
char *name;
} NMStrongswanPluginPrivate;
@@ -80,23 +84,33 @@ static GValue* handler_to_val(nm_handler_t *handler,
static void signal_ipv4_config(NMVPNPlugin *plugin,
ike_sa_t *ike_sa, child_sa_t *child_sa)
{
+ NMStrongswanPluginPrivate *priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin);
GValue *val;
GHashTable *config;
+ enumerator_t *enumerator;
host_t *me;
nm_handler_t *handler;
config = g_hash_table_new(g_str_hash, g_str_equal);
- me = ike_sa->get_my_host(ike_sa);
- handler = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->handler;
+ handler = priv->handler;
/* NM requires a tundev, but netkey does not use one. Passing the physical
- * interface does not work, as NM fiddles around with it. Passing the
- * loopback seems to work, though... */
+ * interface does not work, as NM fiddles around with it. So we pass a dummy
+ * TUN device along for NM to play with... */
val = g_slice_new0 (GValue);
g_value_init (val, G_TYPE_STRING);
- g_value_set_string (val, "lo");
+ g_value_set_string (val, priv->tun->get_name(priv->tun));
g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val);
+ /* NM installs this IP address on the interface above, so we use the VIP if
+ * we got one.
+ */
+ enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, TRUE);
+ if (!enumerator->enumerate(enumerator, &me))
+ {
+ me = ike_sa->get_my_host(ike_sa);
+ }
+ enumerator->destroy(enumerator);
val = g_slice_new0(GValue);
g_value_init(val, G_TYPE_UINT);
g_value_set_uint(val, *(u_int32_t*)me->get_address(me).ptr);
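Review bot: The first virtual IP returned by the enumerator at L171-L172 is used without checking its address family, yet L179 reads it as a u_int32_t and the prefix on the next line is derived from its length; if the SA was assigned an IPv6 virtual IP before (or instead of) an IPv4 one, this IPv4 config would carry the first four bytes of a 16-byte address and a 128-bit prefix. I would iterate the enumerator and pick the first host_t whose family is AF_INET (host_t exposes get_family() in strongSwan, as far as I can tell), falling back to get_my_host() only when none is found. signal_ipv4_config() continues past the end of this hunk.
```c
	host_t *vip;
	/* … unchanged: tundev value … */
	me = NULL;
	enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, TRUE);
	while (enumerator->enumerate(enumerator, &vip))
	{
		if (vip->get_family(vip) == AF_INET)
		{
			me = vip;
			break;
		}
	}
	enumerator->destroy(enumerator);
	if (!me)
	{	/* no IPv4 VIP assigned, fall back to the physical address */
		me = ike_sa->get_my_host(ike_sa);
	}
	/* … unchanged: address/prefix values … */
```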
@@ -107,6 +121,14 @@ static void signal_ipv4_config(NMVPNPlugin *plugin,
g_value_set_uint(val, me->get_address(me).len * 8);
g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, val);
+ /* prevent NM from changing the default route. we set our own route in our
+ * own routing table
+ */
+ val = g_slice_new0(GValue);
+ g_value_init(val, G_TYPE_BOOLEAN);
+ g_value_set_boolean(val, TRUE);
+ g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT, val);
+
val = handler_to_val(handler, INTERNAL_IP4_DNS);
g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_DNS, val);
@@ -303,6 +325,13 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
priv->name);
DBG4(DBG_CFG, "%s",
nm_setting_to_string(NM_SETTING(vpn)));
+ if (!priv->tun)
+ {
+ g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
+ "Failed to create dummy TUN device.");
+ gateway->destroy(gateway);
+ return FALSE;
+ }
address = nm_setting_vpn_get_data_item(vpn, "address");
if (!address || !*address)
{
@@ -501,7 +530,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
ike_cfg = ike_cfg_create(IKEV2, TRUE, encap, "0.0.0.0", FALSE,
charon->socket->get_port(charon->socket, FALSE),
(char*)address, FALSE, IKEV2_UDP_PORT,
- FRAGMENTATION_NO);
+ FRAGMENTATION_NO, 0);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
peer_cfg = peer_cfg_create(priv->name, ike_cfg,
CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
@@ -680,6 +709,25 @@ static void nm_strongswan_plugin_init(NMStrongswanPlugin *plugin)
memset(&priv->listener, 0, sizeof(listener_t));
priv->listener.child_updown = child_updown;
priv->listener.ike_rekey = ike_rekey;
+ priv->tun = tun_device_create(NULL);
+ priv->name = NULL;
+}
+
+/**
+ * Destructor
+ */
+static void nm_strongswan_plugin_dispose(GObject *obj)
+{
+ NMStrongswanPlugin *plugin;
+ NMStrongswanPluginPrivate *priv;
+
+ plugin = NM_STRONGSWAN_PLUGIN(obj);
+ priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin);
+ if (priv->tun)
+ {
+ priv->tun->destroy(priv->tun);
+ priv->tun = NULL;
+ }
}
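Review bot: nm_strongswan_plugin_dispose() at L227-L239 overrides GObject's dispose but never chains up to the parent class, so any cleanup NMVPNPlugin or GObject itself does in dispose is skipped; the override should end with a chain-up, e.g. `G_OBJECT_CLASS(nm_strongswan_plugin_parent_class)->dispose(obj);` if the type is declared with G_DEFINE_TYPE (the macro that provides that symbol is not visible in this diff). Separately, tun_device_create(NULL) at L220 can fail (no /dev/net/tun, missing CAP_NET_ADMIN) and nothing is logged at init time; the failure only surfaces as a generic launch error on the first connect, so I would add `if (!priv->tun) { DBG1(DBG_CFG, "failed to create dummy TUN device"); }` right after the call, using the same DBG macros the file already uses. nm_strongswan_plugin_init() starts before this hunk.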
/**
@@ -695,6 +743,7 @@ static void nm_strongswan_plugin_class_init(
parent_class->connect = connect_;
parent_class->need_secrets = need_secrets;
parent_class->disconnect = disconnect;
+ G_OBJECT_CLASS(strongswan_class)->dispose = nm_strongswan_plugin_dispose;
}
/**
@@ -711,11 +760,10 @@ NMStrongswanPlugin *nm_strongswan_plugin_new(nm_creds_t *creds,
{
NMStrongswanPluginPrivate *priv;
+ /* the rest of the initialization happened in _init above */
priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin);
priv->creds = creds;
priv->handler = handler;
- priv->name = NULL;
}
return plugin;
}
-
diff --git a/src/charon-nm/nm/nm_service.h b/src/charon-nm/nm/nm_service.h
index 828d1a452..0cb23e120 100644
--- a/src/charon-nm/nm/nm_service.h
+++ b/src/charon-nm/nm/nm_service.h
@@ -29,11 +29,11 @@
#include "nm_handler.h"
#define NM_TYPE_STRONGSWAN_PLUGIN (nm_strongswan_plugin_get_type ())
-#define NM_STRONGSWAN_PLUGIN(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_STRONGSWAN_PLUGIN, NMSTRONGSWANPlugin))
-#define NM_STRONGSWAN_PLUGIN_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_STRONGSWAN_PLUGIN, NMSTRONGSWANPluginClass))
+#define NM_STRONGSWAN_PLUGIN(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_STRONGSWAN_PLUGIN, NMStrongswanPlugin))
+#define NM_STRONGSWAN_PLUGIN_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_STRONGSWAN_PLUGIN, NMStrongswanPluginClass))
#define NM_IS_STRONGSWAN_PLUGIN(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NM_TYPE_STRONGSWAN_PLUGIN))
#define NM_IS_STRONGSWAN_PLUGIN_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((obj), NM_TYPE_STRONGSWAN_PLUGIN))
-#define NM_STRONGSWAN_PLUGIN_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_STRONGSWAN_PLUGIN, NMSTRONGSWANPluginClass))
+#define NM_STRONGSWAN_PLUGIN_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_STRONGSWAN_PLUGIN, NMStrongswanPluginClass))
#define NM_DBUS_SERVICE_STRONGSWAN "org.freedesktop.NetworkManager.strongswan"
#define NM_DBUS_INTERFACE_STRONGSWAN "org.freedesktop.NetworkManager.strongswan"
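Review bot: While fixing the misspelt type names, the hunk leaves the context line at L272 untouched: `NM_IS_STRONGSWAN_PLUGIN_CLASS(klass)` expands to `G_TYPE_CHECK_CLASS_TYPE ((obj), ...)`, referencing `obj` instead of its own `klass` parameter, so the macro cannot compile at any use site. It should read `#define NM_IS_STRONGSWAN_PLUGIN_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NM_TYPE_STRONGSWAN_PLUGIN))`. Nothing in this diff appears to use the macro, which is presumably why it has gone unnoticed.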