summaryrefslogtreecommitdiff
path: root/src/libcharon/plugins/nm
diff options
context:
space:
mode:
Diffstat (limited to 'src/libcharon/plugins/nm')
-rw-r--r--src/libcharon/plugins/nm/Makefile.in7
-rw-r--r--src/libcharon/plugins/nm/nm_creds.c176
-rw-r--r--src/libcharon/plugins/nm/nm_handler.c61
-rw-r--r--src/libcharon/plugins/nm/nm_plugin.c5
-rw-r--r--src/libcharon/plugins/nm/nm_service.c8
-rw-r--r--src/libcharon/plugins/nm/nm_service.h2
6 files changed, 118 insertions, 141 deletions
diff --git a/src/libcharon/plugins/nm/Makefile.in b/src/libcharon/plugins/nm/Makefile.in
index 308d27229..d9ad2388e 100644
--- a/src/libcharon/plugins/nm/Makefile.in
+++ b/src/libcharon/plugins/nm/Makefile.in
@@ -193,6 +193,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -201,6 +204,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -217,11 +221,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -265,6 +271,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libcharon/plugins/nm/nm_creds.c b/src/libcharon/plugins/nm/nm_creds.c
index ea98c056d..f8fae9504 100644
--- a/src/libcharon/plugins/nm/nm_creds.c
+++ b/src/libcharon/plugins/nm/nm_creds.c
@@ -170,11 +170,13 @@ static bool cert_filter(cert_data_t *data, certificate_t **in,
static enumerator_t *create_trusted_cert_enumerator(private_nm_creds_t *this,
key_type_t key, identification_t *id)
{
- cert_data_t *data = malloc_thing(cert_data_t);
+ cert_data_t *data;
- data->this = this;
- data->id = id;
- data->key = key;
+ INIT(data,
+ .this = this,
+ .id = id,
+ .key = key,
+ );
this->lock->read_lock(this->lock);
return enumerator_create_filter(
@@ -182,12 +184,9 @@ static enumerator_t *create_trusted_cert_enumerator(private_nm_creds_t *this,
(void*)cert_filter, data, (void*)cert_data_destroy);
}
-/**
- * Implements credential_set_t.create_cert_enumerator
- */
-static enumerator_t* create_cert_enumerator(private_nm_creds_t *this,
- certificate_type_t cert, key_type_t key,
- identification_t *id, bool trusted)
+METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
+ private_nm_creds_t *this, certificate_type_t cert, key_type_t key,
+ identification_t *id, bool trusted)
{
if (id && this->usercert &&
id->equals(id, this->usercert->get_subject(this->usercert)))
@@ -201,11 +200,8 @@ static enumerator_t* create_cert_enumerator(private_nm_creds_t *this,
return NULL;
}
-/**
- * Implements credential_set_t.create_cert_enumerator
- */
-static enumerator_t* create_private_enumerator(private_nm_creds_t *this,
- key_type_t type, identification_t *id)
+METHOD(credential_set_t, create_private_enumerator, enumerator_t*,
+ private_nm_creds_t *this, key_type_t type, identification_t *id)
{
if (this->key == NULL)
{
@@ -238,11 +234,9 @@ typedef struct {
bool done;
} shared_enumerator_t;
-/**
- * enumerate function for shared enumerator
- */
-static bool shared_enumerate(shared_enumerator_t *this, shared_key_t **key,
- id_match_t *me, id_match_t *other)
+METHOD(enumerator_t, shared_enumerate, bool,
+ shared_enumerator_t *this, shared_key_t **key, id_match_t *me,
+ id_match_t *other)
{
if (this->done)
{
@@ -261,43 +255,41 @@ static bool shared_enumerate(shared_enumerator_t *this, shared_key_t **key,
return TRUE;
}
-/**
- * Destroy function for shared enumerator
- */
-static void shared_destroy(shared_enumerator_t *this)
+METHOD(enumerator_t, shared_destroy, void,
+ shared_enumerator_t *this)
{
this->key->destroy(this->key);
this->this->lock->unlock(this->this->lock);
free(this);
}
-/**
- * Implements credential_set_t.create_cert_enumerator
- */
-static enumerator_t* create_shared_enumerator(private_nm_creds_t *this,
- shared_key_type_t type, identification_t *me,
- identification_t *other)
+
+METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
+ private_nm_creds_t *this, shared_key_type_t type, identification_t *me,
+ identification_t *other)
{
shared_enumerator_t *enumerator;
chunk_t key;
+ this->lock->read_lock(this->lock);
+
switch (type)
{
case SHARED_EAP:
case SHARED_IKE:
if (!this->pass || !this->user)
{
- return NULL;
+ goto no_secret;
}
if (me && !me->equals(me, this->user))
{
- return NULL;
+ goto no_secret;
}
key = chunk_create(this->pass, strlen(this->pass));
break;
case SHARED_PRIVATE_KEY_PASS:
if (!this->keypass)
{
- return NULL;
+ goto no_secret;
}
key = chunk_create(this->keypass, strlen(this->keypass));
break;
@@ -305,28 +297,31 @@ static enumerator_t* create_shared_enumerator(private_nm_creds_t *this,
if (!this->keypass || !me ||
!chunk_equals(me->get_encoding(me), this->keyid))
{
- return NULL;
+ goto no_secret;
}
key = chunk_create(this->keypass, strlen(this->keypass));
break;
default:
- return NULL;
+ goto no_secret;
}
- enumerator = malloc_thing(shared_enumerator_t);
- enumerator->public.enumerate = (void*)shared_enumerate;
- enumerator->public.destroy = (void*)shared_destroy;
- enumerator->this = this;
- enumerator->done = FALSE;
- this->lock->read_lock(this->lock);
+ INIT(enumerator,
+ .public = {
+ .enumerate = (void*)_shared_enumerate,
+ .destroy = _shared_destroy,
+ },
+ .this = this,
+ );
enumerator->key = shared_key_create(type, chunk_clone(key));
return &enumerator->public;
+
+no_secret:
+ this->lock->unlock(this->lock);
+ return NULL;
}
-/**
- * Implementation of nm_creds_t.add_certificate
- */
-static void add_certificate(private_nm_creds_t *this, certificate_t *cert)
+METHOD(nm_creds_t, add_certificate, void,
+ private_nm_creds_t *this, certificate_t *cert)
{
this->lock->write_lock(this->lock);
this->certs->insert_last(this->certs, cert);
@@ -359,10 +354,8 @@ static void load_ca_file(private_nm_creds_t *this, char *file)
}
}
-/**
- * Implementation of nm_creds_t.load_ca_dir
- */
-static void load_ca_dir(private_nm_creds_t *this, char *dir)
+METHOD(nm_creds_t, load_ca_dir, void,
+ private_nm_creds_t *this, char *dir)
{
enumerator_t *enumerator;
char *rel, *abs;
@@ -390,11 +383,8 @@ static void load_ca_dir(private_nm_creds_t *this, char *dir)
}
}
-/**
- * Implementation of nm_creds_t.set_password
- */
-static void set_username_password(private_nm_creds_t *this, identification_t *id,
- char *password)
+METHOD(nm_creds_t, set_username_password, void,
+ private_nm_creds_t *this, identification_t *id, char *password)
{
this->lock->write_lock(this->lock);
DESTROY_IF(this->user);
@@ -404,10 +394,8 @@ static void set_username_password(private_nm_creds_t *this, identification_t *id
this->lock->unlock(this->lock);
}
-/**
- * Implementation of nm_creds_t.set_key_password
- */
-static void set_key_password(private_nm_creds_t *this, char *password)
+METHOD(nm_creds_t, set_key_password, void,
+ private_nm_creds_t *this, char *password)
{
this->lock->write_lock(this->lock);
free(this->keypass);
@@ -415,10 +403,8 @@ static void set_key_password(private_nm_creds_t *this, char *password)
this->lock->unlock(this->lock);
}
-/**
- * Implementation of nm_creds_t.set_pin
- */
-static void set_pin(private_nm_creds_t *this, chunk_t keyid, char *pin)
+METHOD(nm_creds_t, set_pin, void,
+ private_nm_creds_t *this, chunk_t keyid, char *pin)
{
this->lock->write_lock(this->lock);
free(this->keypass);
@@ -428,11 +414,8 @@ static void set_pin(private_nm_creds_t *this, chunk_t keyid, char *pin)
this->lock->unlock(this->lock);
}
-/**
- * Implementation of nm_creds_t.set_cert_and_key
- */
-static void set_cert_and_key(private_nm_creds_t *this, certificate_t *cert,
- private_key_t *key)
+METHOD(nm_creds_t, set_cert_and_key, void,
+ private_nm_creds_t *this, certificate_t *cert, private_key_t *key)
{
this->lock->write_lock(this->lock);
DESTROY_IF(this->key);
@@ -442,10 +425,8 @@ static void set_cert_and_key(private_nm_creds_t *this, certificate_t *cert,
this->lock->unlock(this->lock);
}
-/**
- * Implementation of nm_creds_t.clear
- */
-static void clear(private_nm_creds_t *this)
+METHOD(nm_creds_t, clear, void,
+ private_nm_creds_t *this)
{
certificate_t *cert;
@@ -467,10 +448,8 @@ static void clear(private_nm_creds_t *this)
this->keyid = chunk_empty;
}
-/**
- * Implementation of nm_creds_t.destroy
- */
-static void destroy(private_nm_creds_t *this)
+METHOD(nm_creds_t, destroy, void,
+ private_nm_creds_t *this)
{
clear(this);
this->certs->destroy(this->certs);
@@ -483,32 +462,29 @@ static void destroy(private_nm_creds_t *this)
*/
nm_creds_t *nm_creds_create()
{
- private_nm_creds_t *this = malloc_thing(private_nm_creds_t);
-
- this->public.set.create_private_enumerator = (void*)create_private_enumerator;
- this->public.set.create_cert_enumerator = (void*)create_cert_enumerator;
- this->public.set.create_shared_enumerator = (void*)create_shared_enumerator;
- this->public.set.create_cdp_enumerator = (void*)return_null;
- this->public.set.cache_cert = (void*)nop;
- this->public.add_certificate = (void(*)(nm_creds_t*, certificate_t *cert))add_certificate;
- this->public.load_ca_dir = (void(*)(nm_creds_t*, char *dir))load_ca_dir;
- this->public.set_username_password = (void(*)(nm_creds_t*, identification_t *id, char *password))set_username_password;
- this->public.set_key_password = (void(*)(nm_creds_t*, char *password))set_key_password;
- this->public.set_pin = (void(*)(nm_creds_t*, chunk_t keyid, char *pin))set_pin;
- this->public.set_cert_and_key = (void(*)(nm_creds_t*, certificate_t *cert, private_key_t *key))set_cert_and_key;
- this->public.clear = (void(*)(nm_creds_t*))clear;
- this->public.destroy = (void(*)(nm_creds_t*))destroy;
-
- this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
-
- this->certs = linked_list_create();
- this->user = NULL;
- this->pass = NULL;
- this->usercert = NULL;
- this->key = NULL;
- this->keypass = NULL;
- this->keyid = chunk_empty;
+ private_nm_creds_t *this;
+ INIT(this,
+ .public = {
+ .set = {
+ .create_private_enumerator = _create_private_enumerator,
+ .create_cert_enumerator = _create_cert_enumerator,
+ .create_shared_enumerator = _create_shared_enumerator,
+ .create_cdp_enumerator = (void*)return_null,
+ .cache_cert = (void*)nop,
+ },
+ .add_certificate = _add_certificate,
+ .load_ca_dir = _load_ca_dir,
+ .set_username_password = _set_username_password,
+ .set_key_password = _set_key_password,
+ .set_pin = _set_pin,
+ .set_cert_and_key = _set_cert_and_key,
+ .clear = _clear,
+ .destroy = _destroy,
+ },
+ .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ .certs = linked_list_create(),
+ );
return &this->public;
}
diff --git a/src/libcharon/plugins/nm/nm_handler.c b/src/libcharon/plugins/nm/nm_handler.c
index eacb54dda..408129ebe 100644
--- a/src/libcharon/plugins/nm/nm_handler.c
+++ b/src/libcharon/plugins/nm/nm_handler.c
@@ -40,11 +40,9 @@ struct private_nm_handler_t {
linked_list_t *nbns;
};
-/**
- * Implementation of attribute_handler_t.handle
- */
-static bool handle(private_nm_handler_t *this, identification_t *server,
- configuration_attribute_type_t type, chunk_t data)
+METHOD(attribute_handler_t, handle, bool,
+ private_nm_handler_t *this, identification_t *server,
+ configuration_attribute_type_t type, chunk_t data)
{
linked_list_t *list;
@@ -93,11 +91,8 @@ static bool enumerate_dns(enumerator_t *this,
return TRUE;
}
-/**
- * Implementation of attribute_handler_t.create_attribute_enumerator
- */
-static enumerator_t* create_attribute_enumerator(private_nm_handler_t *this,
- identification_t *server, host_t *vip)
+METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t*,
+ private_nm_handler_t *this, identification_t *server, host_t *vip)
{
if (vip && vip->get_family(vip) == AF_INET)
{ /* no IPv6 attributes yet */
@@ -120,11 +115,8 @@ static bool filter_chunks(void* null, char **in, chunk_t *out)
return TRUE;
}
-/**
- * Implementation of nm_handler_t.create_enumerator
- */
-static enumerator_t* create_enumerator(private_nm_handler_t *this,
- configuration_attribute_type_t type)
+METHOD(nm_handler_t, create_enumerator, enumerator_t*,
+ private_nm_handler_t *this, configuration_attribute_type_t type)
{
linked_list_t *list;
@@ -143,10 +135,8 @@ static enumerator_t* create_enumerator(private_nm_handler_t *this,
(void*)filter_chunks, NULL, NULL);
}
-/**
- * Implementation of nm_handler_t.reset
- */
-static void reset(private_nm_handler_t *this)
+METHOD(nm_handler_t, reset, void,
+ private_nm_handler_t *this)
{
void *data;
@@ -160,10 +150,8 @@ static void reset(private_nm_handler_t *this)
}
}
-/**
- * Implementation of nm_handler_t.destroy.
- */
-static void destroy(private_nm_handler_t *this)
+METHOD(nm_handler_t, destroy, void,
+ private_nm_handler_t *this)
{
reset(this);
this->dns->destroy(this->dns);
@@ -176,17 +164,22 @@ static void destroy(private_nm_handler_t *this)
*/
nm_handler_t *nm_handler_create()
{
- private_nm_handler_t *this = malloc_thing(private_nm_handler_t);
-
- this->public.handler.handle = (bool(*)(attribute_handler_t*, identification_t*, configuration_attribute_type_t, chunk_t))handle;
- this->public.handler.release = (void(*)(attribute_handler_t*, identification_t*, configuration_attribute_type_t, chunk_t))nop;
- this->public.handler.create_attribute_enumerator = (enumerator_t*(*)(attribute_handler_t*, identification_t *server, host_t *vip))create_attribute_enumerator;
- this->public.create_enumerator = (enumerator_t*(*)(nm_handler_t*, configuration_attribute_type_t type))create_enumerator;
- this->public.reset = (void(*)(nm_handler_t*))reset;
- this->public.destroy = (void(*)(nm_handler_t*))destroy;
-
- this->dns = linked_list_create();
- this->nbns = linked_list_create();
+ private_nm_handler_t *this;
+
+ INIT(this,
+ .public = {
+ .handler = {
+ .handle = _handle,
+ .release = nop,
+ .create_attribute_enumerator = _create_attribute_enumerator,
+ },
+ .create_enumerator = _create_enumerator,
+ .reset = _reset,
+ .destroy = _destroy,
+ },
+ .dns = linked_list_create(),
+ .nbns = linked_list_create(),
+ );
return &this->public;
}
diff --git a/src/libcharon/plugins/nm/nm_plugin.c b/src/libcharon/plugins/nm/nm_plugin.c
index f1d3be7a5..84b7c810a 100644
--- a/src/libcharon/plugins/nm/nm_plugin.c
+++ b/src/libcharon/plugins/nm/nm_plugin.c
@@ -118,8 +118,8 @@ plugin_t *nm_plugin_create()
},
.creds = nm_creds_create(),
.handler = nm_handler_create(),
- .plugin = nm_strongswan_plugin_new(this->creds, this->handler),
);
+ this->plugin = nm_strongswan_plugin_new(this->creds, this->handler);
hydra->attributes->add_handler(hydra->attributes, &this->handler->handler);
lib->credmgr->add_set(lib->credmgr, &this->creds->set);
@@ -134,7 +134,8 @@ plugin_t *nm_plugin_create()
charon->keep_cap(charon, CAP_DAC_OVERRIDE);
lib->processor->queue_job(lib->processor,
- (job_t*)callback_job_create((callback_job_cb_t)run, this, NULL, NULL));
+ (job_t*)callback_job_create_with_prio((callback_job_cb_t)run,
+ this, NULL, NULL, JOB_PRIO_CRITICAL));
return &this->public.plugin;
}
diff --git a/src/libcharon/plugins/nm/nm_service.c b/src/libcharon/plugins/nm/nm_service.c
index 4300b57cf..a6783fcc3 100644
--- a/src/libcharon/plugins/nm/nm_service.c
+++ b/src/libcharon/plugins/nm/nm_service.c
@@ -82,12 +82,11 @@ static void signal_ipv4_config(NMVPNPlugin *plugin,
{
GValue *val;
GHashTable *config;
- host_t *me, *other;
+ host_t *me;
nm_handler_t *handler;
config = g_hash_table_new(g_str_hash, g_str_equal);
me = ike_sa->get_my_host(ike_sa);
- other = ike_sa->get_other_host(ike_sa);
handler = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->handler;
/* NM requires a tundev, but netkey does not use one. Passing an invalid
@@ -632,7 +631,8 @@ static gboolean disconnect(NMVPNPlugin *plugin, GError **err)
u_int id;
/* our ike_sa pointer might be invalid, lookup sa */
- enumerator = charon->controller->create_ike_sa_enumerator(charon->controller);
+ enumerator = charon->controller->create_ike_sa_enumerator(
+ charon->controller, TRUE);
while (enumerator->enumerate(enumerator, &ike_sa))
{
if (priv->ike_sa == ike_sa)
@@ -640,7 +640,7 @@ static gboolean disconnect(NMVPNPlugin *plugin, GError **err)
id = ike_sa->get_unique_id(ike_sa);
enumerator->destroy(enumerator);
charon->controller->terminate_ike(charon->controller, id,
- controller_cb_empty, NULL);
+ controller_cb_empty, NULL, 0);
return TRUE;
}
}
diff --git a/src/libcharon/plugins/nm/nm_service.h b/src/libcharon/plugins/nm/nm_service.h
index b00000b6f..828d1a452 100644
--- a/src/libcharon/plugins/nm/nm_service.h
+++ b/src/libcharon/plugins/nm/nm_service.h
@@ -21,7 +21,7 @@
#ifndef NM_SERVICE_H_
#define NM_SERVICE_H_
-#include <glib/gtypes.h>
+#include <glib.h>
#include <glib-object.h>
#include <nm-vpn-plugin.h>