Diffstat (limited to 'src/charon-nm')
-rw-r--r-- | src/charon-nm/Makefile.am | 5 | ||||
-rw-r--r-- | src/charon-nm/Makefile.in | 83 | ||||
-rw-r--r-- | src/charon-nm/nm-strongswan-service.conf | 15 | ||||
-rw-r--r-- | src/charon-nm/nm/nm_service.c | 56 |
4 files changed, 108 insertions, 51 deletions
diff --git a/src/charon-nm/Makefile.am b/src/charon-nm/Makefile.am index 6ab7f27c5..4abfc743a 100644 --- a/src/charon-nm/Makefile.am +++ b/src/charon-nm/Makefile.am @@ -22,3 +22,8 @@ charon_nm_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) ${nm_LIBS} + +dbusservicedir = $(sysconfdir)/dbus-1/system.d +dbusservice_DATA = nm-strongswan-service.conf + +EXTRA_DIST = $(dbusservice_DATA) diff --git a/src/charon-nm/Makefile.in b/src/charon-nm/Makefile.in index 715412ad2..7f05b359c 100644 --- a/src/charon-nm/Makefile.in +++ b/src/charon-nm/Makefile.in @@ -14,6 +14,7 @@ @SET_MAKE@ + VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ @@ -108,7 +109,8 @@ mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = -am__installdirs = "$(DESTDIR)$(ipsecdir)" +am__installdirs = "$(DESTDIR)$(ipsecdir)" \ + "$(DESTDIR)$(dbusservicedir)" PROGRAMS = $(ipsec_PROGRAMS) am__dirstamp = $(am__leading_dot)dirstamp am_charon_nm_OBJECTS = charon-nm.$(OBJEXT) nm/nm_backend.$(OBJEXT) \ 
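Review bot: `dbusservicedir = $(sysconfdir)/dbus-1/system.d` hard-codes the D-Bus policy directory in Makefile.am, and the regenerated Makefile.in in this same commit drops the former `dbusservicedir = @dbusservicedir@` substitution, so if configure.ac still provides that variable a configure-time override can no longer take effect. If pinning the path is intended, a one-line comment such as `# D-Bus system-bus policy for the NM plugin; installed under $(sysconfdir) so the bus daemon always finds it` would make the choice explicit; otherwise keep the substituted variable and only set `dbusservice_DATA` and `EXTRA_DIST` here.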
@@ -166,6 +168,34 @@ am__can_run_installinfo = \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +DATA = $(dbusservice_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is @@ -326,7 +356,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ 
@@ -360,8 +389,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -415,6 +442,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ @@ -441,6 +470,9 @@ charon_nm_LDADD = \ $(top_builddir)/src/libcharon/libcharon.la \ -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) ${nm_LIBS} +dbusservicedir = $(sysconfdir)/dbus-1/system.d +dbusservice_DATA = nm-strongswan-service.conf +EXTRA_DIST = $(dbusservice_DATA) all: all-am .SUFFIXES: @@ -583,6 +615,27 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs +install-dbusserviceDATA: $(dbusservice_DATA) + @$(NORMAL_INSTALL) + @list='$(dbusservice_DATA)'; test -n "$(dbusservicedir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(dbusservicedir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(dbusservicedir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(dbusservicedir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(dbusservicedir)" || exit $$?; \ + done + +uninstall-dbusserviceDATA: + @$(NORMAL_UNINSTALL) + @list='$(dbusservice_DATA)'; test -n "$(dbusservicedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(dbusservicedir)'; $(am__uninstall_files_from_dir) ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique 
@@ -668,9 +721,9 @@ distdir: $(DISTFILES) done check-am: all-am check: check-am -all-am: Makefile $(PROGRAMS) +all-am: Makefile $(PROGRAMS) $(DATA) installdirs: - for dir in "$(DESTDIR)$(ipsecdir)"; do \ + for dir in "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(dbusservicedir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -728,7 +781,7 @@ info: info-am info-am: -install-data-am: install-ipsecPROGRAMS +install-data-am: install-dbusserviceDATA install-ipsecPROGRAMS install-dvi: install-dvi-am @@ -774,7 +827,7 @@ ps: ps-am ps-am: -uninstall-am: uninstall-ipsecPROGRAMS +uninstall-am: uninstall-dbusserviceDATA uninstall-ipsecPROGRAMS .MAKE: install-am install-strip @@ -783,14 +836,16 @@ uninstall-am: uninstall-ipsecPROGRAMS distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-ipsecPROGRAMS install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ + install-data-am install-dbusserviceDATA install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am \ + install-ipsecPROGRAMS install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS + tags tags-am uninstall uninstall-am uninstall-dbusserviceDATA \ + uninstall-ipsecPROGRAMS .PRECIOUS: Makefile diff --git a/src/charon-nm/nm-strongswan-service.conf b/src/charon-nm/nm-strongswan-service.conf new file mode 100644 index 000000000..a630f3407 
--- /dev/null +++ b/src/charon-nm/nm-strongswan-service.conf @@ -0,0 +1,15 @@ +<!DOCTYPE busconfig PUBLIC + "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> +<busconfig> + <policy user="root"> + <allow own="org.freedesktop.NetworkManager.strongswan"/> + <allow send_destination="org.freedesktop.NetworkManager.strongswan"/> + <allow send_interface="org.freedesktop.NetworkManager.strongswan"/> + </policy> + <policy context="default"> + <deny own="org.freedesktop.NetworkManager.strongswan"/> + <deny send_destination="org.freedesktop.NetworkManager.strongswan"/> + </policy> +</busconfig> + diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c index 5991c2465..571c0edba 100644 --- a/src/charon-nm/nm/nm_service.c +++ b/src/charon-nm/nm/nm_service.c @@ -23,7 +23,6 @@ #include <utils/identification.h> #include <config/peer_cfg.h> #include <credentials/certificates/x509.h> -#include <networking/tun_device.h> #include <stdio.h> @@ -43,8 +42,6 @@ typedef struct { nm_creds_t *creds; /* attribute handler for DNS/NBNS server information */ nm_handler_t *handler; - /* dummy TUN device */ - tun_device_t *tun; /* name of the connection */ char *name; } NMStrongswanPluginPrivate; 
@@ -88,19 +85,18 @@ static void signal_ipv4_config(NMVPNPlugin *plugin, GValue *val; GHashTable *config; enumerator_t *enumerator; - host_t *me; + host_t *me, *other; nm_handler_t *handler; config = g_hash_table_new(g_str_hash, g_str_equal); handler = priv->handler; - /* NM requires a tundev, but netkey does not use one. Passing the physical - * interface does not work, as NM fiddles around with it. So we pass a dummy - * TUN device along for NM to play with... */ + /* NM apparently requires to know the gateway */ val = g_slice_new0 (GValue); - g_value_init (val, G_TYPE_STRING); - g_value_set_string (val, priv->tun->get_name(priv->tun)); - g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val); + g_value_init (val, G_TYPE_UINT); + other = ike_sa->get_other_host(ike_sa); + g_value_set_uint (val, *(uint32_t*)other->get_address(other).ptr); + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_EXT_GATEWAY, val); /* NM installs this IP address on the interface above, so we use the VIP if * we got one. @@ -336,12 +332,6 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, priv->name); DBG4(DBG_CFG, "%s", nm_setting_to_string(NM_SETTING(vpn))); - if (!priv->tun) - { - g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED, - "Failed to create dummy TUN device."); - return FALSE; - } address = nm_setting_vpn_get_data_item(vpn, "address"); if (!address || !*address) { @@ -406,7 +396,8 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, else { /* no certificate defined, fall back to system-wide CA certificates */ - priv->creds->load_ca_dir(priv->creds, NM_CA_DIR); + priv->creds->load_ca_dir(priv->creds, lib->settings->get_str( + lib->settings, "charon-nm.ca_dir", NM_CA_DIR)); } if (!gateway) { 
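Review bot: `*(uint32_t*)other->get_address(other).ptr` in signal_ipv4_config assumes the IKE_SA's remote host is an IPv4 address and that the chunk buffer is 4-byte aligned; for an IPv6 peer the first four bytes of the 16-byte address would be reported to NetworkManager as the external gateway without any error, and the pointer cast is an alignment/strict-aliasing hazard. Checking the family and copying the address with memcpy avoids both problems. The enclosing function starts and ends outside the hunk, so the remaining IPv4 config handling is not visible here.
```c
	other = ike_sa->get_other_host(ike_sa);
	/* NM expects the gateway as a network-order IPv4 address; skip it for
	 * other families rather than reporting the first 4 bytes of an IPv6 host */
	if (other->get_family(other) == AF_INET)
	{
		uint32_t gateway;
		chunk_t addr = other->get_address(other);

		/* memcpy avoids an unaligned/aliasing uint32_t read through the chunk */
		memcpy(&gateway, addr.ptr, sizeof(gateway));
		val = g_slice_new0 (GValue);
		g_value_init (val, G_TYPE_UINT);
		g_value_set_uint (val, gateway);
		g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_EXT_GATEWAY, val);
	}
	/* … unchanged: VIP / address handling that follows … */
```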
@@ -428,6 +419,16 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, { user = identification_create_from_string((char*)str); str = nm_setting_vpn_get_secret(vpn, "password"); + if (auth_class == AUTH_CLASS_PSK && + strlen(str) < 20) + { + g_set_error(err, NM_VPN_PLUGIN_ERROR, + NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, + "pre-shared key is too short."); + gateway->destroy(gateway); + user->destroy(user); + return FALSE; + } priv->creds->set_username_password(priv->creds, user, (char*)str); } } @@ -538,7 +539,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, ike_cfg = ike_cfg_create(IKEV2, TRUE, encap, "0.0.0.0", charon->socket->get_port(charon->socket, FALSE), (char*)address, IKEV2_UDP_PORT, - FRAGMENTATION_NO, 0); + FRAGMENTATION_YES, 0); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE)); @@ -722,28 +723,10 @@ static void nm_strongswan_plugin_init(NMStrongswanPlugin *plugin) memset(&priv->listener, 0, sizeof(listener_t)); priv->listener.child_updown = child_updown; priv->listener.ike_rekey = ike_rekey; - priv->tun = tun_device_create(NULL); priv->name = NULL; } /** - * Destructor - */ -static void nm_strongswan_plugin_dispose(GObject *obj) -{ - NMStrongswanPlugin *plugin; - NMStrongswanPluginPrivate *priv; - - plugin = NM_STRONGSWAN_PLUGIN(obj); - priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin); - if (priv->tun) - { - priv->tun->destroy(priv->tun); - priv->tun = NULL; - } -} - -/** * Class constructor */ static void nm_strongswan_plugin_class_init( @@ -756,7 +739,6 @@ static void nm_strongswan_plugin_class_init( parent_class->connect = connect_; parent_class->need_secrets = need_secrets; parent_class->disconnect = disconnect; - G_OBJECT_CLASS(strongswan_class)->dispose = nm_strongswan_plugin_dispose; } /** |
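Review bot: The new PSK length check in connect_ calls `strlen(str)` on the value returned by `nm_setting_vpn_get_secret(vpn, "password")` before anything verifies it is non-NULL, and that call returns NULL when the secret is not stored, so a PSK connection without a password crashes here instead of failing with a clean error. Guard the pointer in the same condition: `if (auth_class == AUTH_CLASS_PSK && (!str || strlen(str) < 20))`. The literal 20 would also read better as a named constant, e.g. `#define NM_MIN_PSK_LEN 20` with a short comment stating that short pre-shared keys are rejected because they are easy to guess. connect_ starts and ends outside the hunk.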