diff options
Diffstat (limited to 'src/charon/plugins/nm')
| -rw-r--r-- | src/charon/plugins/nm/Makefile.am | 5 | ||||
| -rw-r--r-- | src/charon/plugins/nm/Makefile.in | 25 | ||||
| -rw-r--r-- | src/charon/plugins/nm/nm_creds.c | 6 | ||||
| -rw-r--r-- | src/charon/plugins/nm/nm_creds.h | 3 | ||||
| -rw-r--r-- | src/charon/plugins/nm/nm_handler.c | 148 | ||||
| -rw-r--r-- | src/charon/plugins/nm/nm_handler.h | 62 | ||||
| -rw-r--r-- | src/charon/plugins/nm/nm_plugin.c | 24 | ||||
| -rw-r--r-- | src/charon/plugins/nm/nm_plugin.h | 2 | ||||
| -rw-r--r-- | src/charon/plugins/nm/nm_service.c | 97 | ||||
| -rw-r--r-- | src/charon/plugins/nm/nm_service.h | 8 |
10 files changed, 339 insertions, 41 deletions
diff --git a/src/charon/plugins/nm/Makefile.am b/src/charon/plugins/nm/Makefile.am index 9c8c64fe1..9a0b48cd2 100644 --- a/src/charon/plugins/nm/Makefile.am +++ b/src/charon/plugins/nm/Makefile.am @@ -5,6 +5,9 @@ AM_CFLAGS = -rdynamic plugin_LTLIBRARIES = libstrongswan-nm.la libstrongswan_nm_la_SOURCES = \ - nm_plugin.h nm_plugin.c nm_service.h nm_service.c nm_creds.h nm_creds.c + nm_plugin.h nm_plugin.c \ + nm_service.h nm_service.c \ + nm_creds.h nm_creds.c \ + nm_handler.h nm_handler.c libstrongswan_nm_la_LDFLAGS = -module libstrongswan_nm_la_LIBADD = ${nm_LIBS} diff --git a/src/charon/plugins/nm/Makefile.in b/src/charon/plugins/nm/Makefile.in index b3990fab1..a75af8a0f 100644 --- a/src/charon/plugins/nm/Makefile.in +++ b/src/charon/plugins/nm/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.10.1 from Makefile.am. +# Makefile.in generated by automake 1.10.2 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -52,7 +52,7 @@ LTLIBRARIES = $(plugin_LTLIBRARIES) am__DEPENDENCIES_1 = libstrongswan_nm_la_DEPENDENCIES = $(am__DEPENDENCIES_1) am_libstrongswan_nm_la_OBJECTS = nm_plugin.lo nm_service.lo \ - nm_creds.lo + nm_creds.lo nm_handler.lo libstrongswan_nm_la_OBJECTS = $(am_libstrongswan_nm_la_OBJECTS) libstrongswan_nm_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ @@ -89,6 +89,7 @@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ @@ -111,6 +112,9 @@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ +LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ +LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ @@ -122,6 +126,7 @@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ NM = @NM@ NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ @@ -135,6 +140,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ RANLIB = @RANLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -195,6 +202,7 @@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -206,6 +214,7 @@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ xml_CFLAGS = @xml_CFLAGS@ @@ -214,7 +223,10 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon ${nm_CFL AM_CFLAGS = -rdynamic plugin_LTLIBRARIES = libstrongswan-nm.la libstrongswan_nm_la_SOURCES = \ - nm_plugin.h nm_plugin.c nm_service.h nm_service.c nm_creds.h nm_creds.c + nm_plugin.h nm_plugin.c \ + nm_service.h nm_service.c \ + nm_creds.h nm_creds.c \ + nm_handler.h nm_handler.c libstrongswan_nm_la_LDFLAGS = -module libstrongswan_nm_la_LIBADD = ${nm_LIBS} @@ -226,8 +238,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ - && exit 0; \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ @@ -288,6 +300,7 @@ distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nm_creds.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nm_handler.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nm_plugin.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nm_service.Plo@am__quote@ @@ -323,7 +336,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ - $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS diff --git a/src/charon/plugins/nm/nm_creds.c b/src/charon/plugins/nm/nm_creds.c index e7cd640a7..d93b81c9a 100644 --- a/src/charon/plugins/nm/nm_creds.c +++ b/src/charon/plugins/nm/nm_creds.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * $Id$ */ #include "nm_creds.h" @@ -259,9 +257,7 @@ static void set_username_password(private_nm_creds_t *this, identification_t *id { this->lock->write_lock(this->lock); DESTROY_IF(this->user); - /* for EAP authentication, we use always use ID_EAP type */ - this->user = identification_create_from_encoding(ID_EAP, - id->get_encoding(id)); + this->user = id->clone(id); free(this->pass); this->pass = password ? strdup(password) : NULL; this->lock->unlock(this->lock); diff --git a/src/charon/plugins/nm/nm_creds.h b/src/charon/plugins/nm/nm_creds.h index b0cc7a098..421442c81 100644 --- a/src/charon/plugins/nm/nm_creds.h +++ b/src/charon/plugins/nm/nm_creds.h @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * $Id$ */ /** @@ -23,6 +21,7 @@ #ifndef NM_CREDS_H_ #define NM_CREDS_H_ +#include <credentials/keys/private_key.h> #include <credentials/credential_set.h> typedef struct nm_creds_t nm_creds_t; diff --git a/src/charon/plugins/nm/nm_handler.c b/src/charon/plugins/nm/nm_handler.c new file mode 100644 index 000000000..026c47af2 --- /dev/null +++ b/src/charon/plugins/nm/nm_handler.c @@ -0,0 +1,148 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "nm_handler.h" + +#include <daemon.h> + +typedef struct private_nm_handler_t private_nm_handler_t; + +/** + * Private data of an nm_handler_t object. + */ +struct private_nm_handler_t { + + /** + * Public nm_handler_t interface. + */ + nm_handler_t public; + + /** + * list of received DNS server attributes, pointer to 4 byte data + */ + linked_list_t *dns; + + /** + * list of received NBNS server attributes, pointer to 4 byte data + */ + linked_list_t *nbns; +}; + +/** + * Implementation of attribute_handler_t.handle + */ +static bool handle(private_nm_handler_t *this, ike_sa_t *ike_sa, + configuration_attribute_type_t type, chunk_t data) +{ + linked_list_t *list; + + switch (type) + { + case INTERNAL_IP4_DNS: + list = this->dns; + break; + case INTERNAL_IP4_NBNS: + list = this->nbns; + break; + default: + return FALSE; + } + if (data.len != 4) + { + return FALSE; + } + list->insert_last(list, chunk_clone(data).ptr); + return TRUE; +} + +/** + * convert plain byte ptrs to handy chunk during enumeration + */ +static bool filter_chunks(void* null, char **in, chunk_t *out) +{ + *out = chunk_create(*in, 4); + return TRUE; +} + +/** + * Implementation of nm_handler_t.create_enumerator + */ +static enumerator_t* create_enumerator(private_nm_handler_t *this, + configuration_attribute_type_t type) +{ + linked_list_t *list; + + switch (type) + { + case INTERNAL_IP4_DNS: + list = this->dns; + break; + case INTERNAL_IP4_NBNS: + list = this->nbns; + break; + default: + return enumerator_create_empty(); + } + return enumerator_create_filter(list->create_enumerator(list), + (void*)filter_chunks, NULL, NULL); +} + +/** + * Implementation of nm_handler_t.reset + */ +static void reset(private_nm_handler_t *this) +{ + void *data; + + while (this->dns->remove_last(this->dns, (void**)&data) == SUCCESS) + { + free(data); + } + while (this->nbns->remove_last(this->nbns, (void**)&data) == SUCCESS) + { + free(data); + } +} + +/** + * Implementation of nm_handler_t.destroy. + */ +static void destroy(private_nm_handler_t *this) +{ + reset(this); + this->dns->destroy(this->dns); + this->nbns->destroy(this->nbns); + free(this); +} + +/** + * See header + */ +nm_handler_t *nm_handler_create() +{ + private_nm_handler_t *this = malloc_thing(private_nm_handler_t); + + this->public.handler.handle = (bool(*)(attribute_handler_t*, ike_sa_t*, configuration_attribute_type_t, chunk_t))handle; + this->public.handler.release = (void(*)(attribute_handler_t*, ike_sa_t*, configuration_attribute_type_t, chunk_t))nop; + this->public.create_enumerator = (enumerator_t*(*)(nm_handler_t*, configuration_attribute_type_t type))create_enumerator; + this->public.reset = (void(*)(nm_handler_t*))reset; + this->public.destroy = (void(*)(nm_handler_t*))destroy; + + this->dns = linked_list_create(); + this->nbns = linked_list_create(); + + return &this->public; +} + diff --git a/src/charon/plugins/nm/nm_handler.h b/src/charon/plugins/nm/nm_handler.h new file mode 100644 index 000000000..d537bb8de --- /dev/null +++ b/src/charon/plugins/nm/nm_handler.h @@ -0,0 +1,62 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup nm_handler nm_handler + * @{ @ingroup nm + */ + +#ifndef NM_HANDLER_H_ +#define NM_HANDLER_H_ + +#include <config/attributes/attribute_handler.h> + +typedef struct nm_handler_t nm_handler_t; + +/** + * Handles DNS/NBNS attributes to pass to NM. + */ +struct nm_handler_t { + + /** + * Implements attribute handler interface + */ + attribute_handler_t handler; + + /** + * Create an enumerator over received attributes of a given kind. + * + * @param type type of attributes to enumerate + * @return enumerator over attribute data (chunk_t) + */ + enumerator_t* (*create_enumerator)(nm_handler_t *this, + configuration_attribute_type_t type); + /** + * Reset state, flush all received attributes. + */ + void (*reset)(nm_handler_t *this); + + /** + * Destroy a nm_handler_t. + */ + void (*destroy)(nm_handler_t *this); +}; + +/** + * Create a nm_handler instance. + */ +nm_handler_t *nm_handler_create(); + +#endif /* NM_HANDLER_ @}*/ diff --git a/src/charon/plugins/nm/nm_plugin.c b/src/charon/plugins/nm/nm_plugin.c index 1336293f4..1fb46f814 100644 --- a/src/charon/plugins/nm/nm_plugin.c +++ b/src/charon/plugins/nm/nm_plugin.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -11,13 +11,12 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * $Id$ */ #include "nm_plugin.h" #include "nm_service.h" #include "nm_creds.h" +#include "nm_handler.h" #include <daemon.h> #include <processing/jobs/callback_job.h> @@ -50,6 +49,11 @@ struct private_nm_plugin_t { * credential set registered at the daemon */ nm_creds_t *creds; + + /** + * attribute handler regeisterd at the daemon + */ + nm_handler_t *handler; }; /** @@ -59,8 +63,6 @@ static job_requeue_t run(private_nm_plugin_t *this) { this->loop = g_main_loop_new(NULL, FALSE); g_main_loop_run(this->loop); - g_main_loop_unref(this->loop); - return JOB_REQUEUE_NONE; } @@ -71,7 +73,11 @@ static void destroy(private_nm_plugin_t *this) { if (this->loop) { - g_main_loop_quit(this->loop); + if (g_main_loop_is_running(this->loop)) + { + g_main_loop_quit(this->loop); + } + g_main_loop_unref(this->loop); } if (this->plugin) { @@ -79,6 +85,8 @@ static void destroy(private_nm_plugin_t *this) } charon->credentials->remove_set(charon->credentials, &this->creds->set); this->creds->destroy(this->creds); + charon->attributes->remove_handler(charon->attributes, &this->handler->handler); + this->handler->destroy(this->handler); free(this); } @@ -99,8 +107,10 @@ plugin_t *plugin_create() } this->creds = nm_creds_create(); + this->handler = nm_handler_create(); charon->credentials->add_set(charon->credentials, &this->creds->set); - this->plugin = nm_strongswan_plugin_new(this->creds); + charon->attributes->add_handler(charon->attributes, &this->handler->handler); + this->plugin = nm_strongswan_plugin_new(this->creds, this->handler); if (!this->plugin) { DBG1(DBG_CFG, "DBUS binding failed"); diff --git a/src/charon/plugins/nm/nm_plugin.h b/src/charon/plugins/nm/nm_plugin.h index fadcbfb96..18d053e11 100644 --- a/src/charon/plugins/nm/nm_plugin.h +++ b/src/charon/plugins/nm/nm_plugin.h @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * $Id$ */ /** diff --git a/src/charon/plugins/nm/nm_service.c b/src/charon/plugins/nm/nm_service.c index 72744b784..bca4d9e09 100644 --- a/src/charon/plugins/nm/nm_service.c +++ b/src/charon/plugins/nm/nm_service.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * $Id$ */ #include <nm-setting-vpn.h> @@ -23,6 +21,7 @@ #include <utils/host.h> #include <utils/identification.h> #include <config/peer_cfg.h> +#include <credentials/certificates/x509.h> #include <stdio.h> @@ -34,10 +33,16 @@ G_DEFINE_TYPE(NMStrongswanPlugin, nm_strongswan_plugin, NM_TYPE_VPN_PLUGIN) * Private data of NMStrongswanPlugin */ typedef struct { + /* implements bus listener interface */ listener_t listener; + /* IKE_SA we are listening on */ ike_sa_t *ike_sa; + /* backref to public plugin */ NMVPNPlugin *plugin; + /* credentials to use for authentication */ nm_creds_t *creds; + /* attribute handler for DNS/NBNS server information */ + nm_handler_t *handler; } NMStrongswanPluginPrivate; #define NM_STRONGSWAN_PLUGIN_GET_PRIVATE(o) \ @@ -45,6 +50,31 @@ typedef struct { NM_TYPE_STRONGSWAN_PLUGIN, NMStrongswanPluginPrivate)) /** + * convert enumerated handler chunks to a UINT_ARRAY GValue + */ +static GValue* handler_to_val(nm_handler_t *handler, + configuration_attribute_type_t type) +{ + GValue *val; + GArray *array; + enumerator_t *enumerator; + chunk_t chunk; + + enumerator = handler->create_enumerator(handler, type); + array = g_array_new (FALSE, TRUE, sizeof (guint32)); + while (enumerator->enumerate(enumerator, &chunk)) + { + g_array_append_val (array, *(u_int32_t*)chunk.ptr); + } + enumerator->destroy(enumerator); + val = g_slice_new0 (GValue); + g_value_init (val, DBUS_TYPE_G_UINT_ARRAY); + g_value_set_boxed (val, array); + + return val; +} + +/** * signal IPv4 config to NM, set connection as established */ static void signal_ipv4_config(NMVPNPlugin *plugin, @@ -53,10 +83,12 @@ static void signal_ipv4_config(NMVPNPlugin *plugin, GValue *val; GHashTable *config; host_t *me, *other; + nm_handler_t *handler; config = g_hash_table_new(g_str_hash, g_str_equal); me = ike_sa->get_my_host(ike_sa); other = ike_sa->get_other_host(ike_sa); + handler = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->handler; /* NM requires a tundev, but netkey does not use one. Passing an invalid * iface makes NM complain, but it accepts it without fiddling on eth0. */ @@ -75,6 +107,14 @@ static void signal_ipv4_config(NMVPNPlugin *plugin, g_value_set_uint(val, me->get_address(me).len * 8); g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, val); + val = handler_to_val(handler, INTERNAL_IP4_DNS); + g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_DNS, val); + + val = handler_to_val(handler, INTERNAL_IP4_NBNS); + g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_NBNS, val); + + handler->reset(handler); + nm_vpn_plugin_set_ip4_config(plugin, config); } @@ -83,6 +123,10 @@ static void signal_ipv4_config(NMVPNPlugin *plugin, */ static void signal_failure(NMVPNPlugin *plugin) { + nm_handler_t *handler = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->handler; + + handler->reset(handler); + /* TODO: NM does not handle this failure!? */ nm_vpn_plugin_failure(plugin, NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED); nm_vpn_plugin_set_state(plugin, NM_VPN_SERVICE_STATE_STOPPED); @@ -151,9 +195,10 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, child_cfg_t *child_cfg; traffic_selector_t *ts; ike_sa_t *ike_sa; - auth_info_t *auth; + auth_cfg_t *auth; auth_class_t auth_class = AUTH_CLASS_EAP; certificate_t *cert = NULL; + x509_t *x509; bool agent = FALSE; /** @@ -201,7 +246,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, creds = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->creds; creds->clear(creds); - /* gateway cert */ + /* gateway/CA cert */ str = nm_setting_vpn_get_data_item(settings, "certificate"); if (str) { @@ -215,7 +260,21 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, "Loading gateway certificate failed."); return FALSE; } - gateway = cert->get_subject(cert); + x509 = (x509_t*)cert; + if (x509->get_flags(x509) & X509_CA) + { /* If the user configured a CA certificate, we use the IP/DNS + * of the gateway as its identity. This identity will be used for + * certificate lookup and requires the configured IP/DNS to be + * included in the gateway certificate. */ + gateway = identification_create_from_string((char*)address); + DBG1(DBG_CFG, "using CA certificate, gateway identity '%Y'", gateway); + } + else + { /* For a gateway certificate, we use the cert subject as identity. */ + gateway = cert->get_subject(cert); + gateway = gateway->clone(gateway); + DBG1(DBG_CFG, "using gateway certificate, identity '%Y'", gateway); + } if (auth_class == AUTH_CLASS_EAP) { @@ -223,8 +282,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, str = nm_setting_vpn_get_data_item(settings, "user"); if (str) { - user = identification_create_from_encoding(ID_KEY_ID, - chunk_create(str, strlen(str))); + user = identification_create_from_string((char*)str); str = nm_setting_vpn_get_secret(settings, "password"); creds->set_username_password(creds, user, (char*)str); } @@ -240,12 +298,13 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, private_key_t *private = NULL; cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, - BUILD_FROM_FILE, str, BUILD_END); + BUILD_FROM_FILE, str, BUILD_END); if (!cert) { g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, "Loading peer certificate failed."); + gateway->destroy(gateway); return FALSE; } /* try agent */ @@ -304,6 +363,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, else { DESTROY_IF(cert); + gateway->destroy(gateway); return FALSE; } } @@ -313,6 +373,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, { g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, "Configuration parameters missing."); + gateway->destroy(gateway); return FALSE; } @@ -322,15 +383,21 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", (char*)address); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); peer_cfg = peer_cfg_create(CONFIG_NAME, 2, ike_cfg, - user, gateway->clone(gateway), CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */ 36000, 0, /* rekey 10h, reauth none */ 600, 600, /* jitter, over 10min */ TRUE, 0, /* mobike, DPD */ virtual ? host_create_from_string("0.0.0.0", 0) : NULL, NULL, FALSE, NULL, NULL); /* pool, mediation */ - auth = peer_cfg->get_auth(peer_cfg); - auth->add_item(auth, AUTHN_AUTH_CLASS, &auth_class); + auth = auth_cfg_create(); + auth->add(auth, AUTH_RULE_AUTH_CLASS, auth_class); + auth->add(auth, AUTH_RULE_IDENTITY, user); + peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE); + auth = auth_cfg_create(); + auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); + auth->add(auth, AUTH_RULE_IDENTITY, gateway); + peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); + child_cfg = child_cfg_create(CONFIG_NAME, 10800, 10200, /* lifetime 3h, rekey 2h50min */ 300, /* jitter 5min */ @@ -358,7 +425,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, { peer_cfg->destroy(peer_cfg); } - if (ike_sa->initiate(ike_sa, child_cfg) != SUCCESS) + if (ike_sa->initiate(ike_sa, child_cfg, 0, NULL, NULL) != SUCCESS) { charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa); @@ -489,7 +556,8 @@ static void nm_strongswan_plugin_class_init( /** * Object constructor */ -NMStrongswanPlugin *nm_strongswan_plugin_new(nm_creds_t *creds) +NMStrongswanPlugin *nm_strongswan_plugin_new(nm_creds_t *creds, + nm_handler_t *handler) { NMStrongswanPlugin *plugin = (NMStrongswanPlugin *)g_object_new ( NM_TYPE_STRONGSWAN_PLUGIN, @@ -498,6 +566,7 @@ NMStrongswanPlugin *nm_strongswan_plugin_new(nm_creds_t *creds) if (plugin) { NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->creds = creds; + NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->handler = handler; } return plugin; } diff --git a/src/charon/plugins/nm/nm_service.h b/src/charon/plugins/nm/nm_service.h index bc6ebcf99..b00000b6f 100644 --- a/src/charon/plugins/nm/nm_service.h +++ b/src/charon/plugins/nm/nm_service.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2009 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * $Id$ */ /** @@ -28,6 +26,7 @@ #include <nm-vpn-plugin.h> #include "nm_creds.h" +#include "nm_handler.h" #define NM_TYPE_STRONGSWAN_PLUGIN (nm_strongswan_plugin_get_type ()) #define NM_STRONGSWAN_PLUGIN(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_STRONGSWAN_PLUGIN, NMSTRONGSWANPlugin)) @@ -50,6 +49,7 @@ typedef struct { GType nm_strongswan_plugin_get_type(void); -NMStrongswanPlugin *nm_strongswan_plugin_new(nm_creds_t *creds); +NMStrongswanPlugin *nm_strongswan_plugin_new(nm_creds_t *creds, + nm_handler_t *handler); #endif /** NM_SERVICE_H_ @}*/ |