Diffstat (limited to 'src/charon-nm')
-rw-r--r--src/charon-nm/Makefile.in12
-rw-r--r--src/charon-nm/charon-nm.c6
-rw-r--r--src/charon-nm/nm/nm_backend.c12
-rw-r--r--src/charon-nm/nm/nm_service.c16
4 files changed, 25 insertions, 21 deletions
diff --git a/src/charon-nm/Makefile.in b/src/charon-nm/Makefile.in
index c204c8c3a..955d15313 100644
--- a/src/charon-nm/Makefile.in
+++ b/src/charon-nm/Makefile.in
@@ -192,8 +192,6 @@ BTLIB = @BTLIB@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CHECK_CFLAGS = @CHECK_CFLAGS@
-CHECK_LIBS = @CHECK_LIBS@
COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
CPP = @CPP@
@@ -261,6 +259,11 @@ PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
RUBY = @RUBY@
@@ -349,12 +352,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@
pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
pki_plugins = @pki_plugins@
plugindir = @plugindir@
pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
@@ -369,6 +376,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
t_plugins = @t_plugins@
diff --git a/src/charon-nm/charon-nm.c b/src/charon-nm/charon-nm.c
index 9ce6dbaeb..32cec36ec 100644
--- a/src/charon-nm/charon-nm.c
+++ b/src/charon-nm/charon-nm.c
@@ -161,7 +161,7 @@ int main(int argc, char *argv[])
dbg = dbg_syslog;
/* initialize library */
- if (!library_init(NULL))
+ if (!library_init(NULL, "charon-nm"))
{
library_deinit();
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
@@ -175,7 +175,7 @@ int main(int argc, char *argv[])
exit(SS_RC_DAEMON_INTEGRITY);
}
- if (!libhydra_init("charon-nm"))
+ if (!libhydra_init())
{
dbg_syslog(DBG_DMN, 1, "initialization failed - aborting charon-nm");
libhydra_deinit();
@@ -183,7 +183,7 @@ int main(int argc, char *argv[])
exit(SS_RC_INITIALIZATION_FAILED);
}
- if (!libcharon_init("charon-nm"))
+ if (!libcharon_init())
{
dbg_syslog(DBG_DMN, 1, "initialization failed - aborting charon-nm");
goto deinit;
diff --git a/src/charon-nm/nm/nm_backend.c b/src/charon-nm/nm/nm_backend.c
index f474dad60..ebebde2c0 100644
--- a/src/charon-nm/nm/nm_backend.c
+++ b/src/charon-nm/nm/nm_backend.c
@@ -22,10 +22,6 @@
#include <daemon.h>
#include <processing/jobs/callback_job.h>
-#ifndef CAP_DAC_OVERRIDE
-#define CAP_DAC_OVERRIDE 1
-#endif
-
typedef struct nm_backend_t nm_backend_t;
/**
@@ -143,14 +139,6 @@ static bool nm_backend_init()
return FALSE;
}
- /* bypass file permissions to read from users ssh-agent */
- if (!lib->caps->keep(lib->caps, CAP_DAC_OVERRIDE))
- {
- DBG1(DBG_CFG, "NM backend requires CAP_DAC_OVERRIDE capability");
- nm_backend_deinit();
- return FALSE;
- }
-
lib->processor->queue_job(lib->processor,
(job_t*)callback_job_create_with_prio((callback_job_cb_t)run, this,
NULL, (callback_job_cancel_t)cancel, JOB_PRIO_CRITICAL));
diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
index f37367532..f0daff61e 100644
--- a/src/charon-nm/nm/nm_service.c
+++ b/src/charon-nm/nm/nm_service.c
@@ -412,9 +412,10 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
loose_gateway_id = TRUE;
}
- if (auth_class == AUTH_CLASS_EAP)
+ if (auth_class == AUTH_CLASS_EAP ||
+ auth_class == AUTH_CLASS_PSK)
{
- /* username/password authentication ... */
+ /* username/password or PSK authentication ... */
str = nm_setting_vpn_get_data_item(vpn, "user");
if (str)
{
@@ -548,7 +549,14 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
auth->add(auth, AUTH_RULE_IDENTITY, user);
peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
auth = auth_cfg_create();
- auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ if (auth_class == AUTH_CLASS_PSK)
+ {
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
+ }
+ else
+ {
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ }
auth->add(auth, AUTH_RULE_IDENTITY, gateway);
auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, loose_gateway_id);
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
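Review bot: When `auth_class` is `AUTH_CLASS_PSK`, the gateway's round now authenticates with the shared key, yet the following line still adds `AUTH_RULE_IDENTITY_LOOSE` with `loose_gateway_id`. In that case only knowledge of the key appears to tie the peer to the configured gateway identity, since no certificate constrains it. This is inferred, because the code that sets `loose_gateway_id` is only partly visible (first nm_service.c hunk). I would add a comment above the new branch, e.g. `/* PSK: the gateway is authenticated by the shared key alone, no certificate binds its identity */`, and check whether loose identity matching should stay enabled for PSK. connect_ starts and ends outside the hunk.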
@@ -623,7 +631,7 @@ static gboolean need_secrets(NMVPNPlugin *plugin, NMConnection *connection,
method = nm_setting_vpn_get_data_item(settings, "method");
if (method)
{
- if (streq(method, "eap"))
+ if (streq(method, "eap") || streq(method, "psk"))
{
if (nm_setting_vpn_get_secret(settings, "password"))
{
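Review bot: For `psk`, the condition `streq(method, "eap") || streq(method, "psk")` only tests that a `password` secret is present, so as far as these lines show any stored value is accepted as the pre-shared key. A short or guessable pre-shared key is exposed to offline guessing, so a minimum-length check where the key is read in connect_ would be worth adding if none exists (that code is not visible here). A comment such as `/* "password" holds the EAP password or, for psk, the pre-shared key */` would also make the reuse of the secret name explicit. need_secrets continues outside the hunk.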