Changeset 4261
- Timestamp:
- 08/20/08 10:51:18 (3 months ago)
- Files:
-
- trunk/src/charon/plugins/nm/gnome/nm-strongswan-service.name.in (modified) (1 diff)
- trunk/src/charon/plugins/nm/gnome/properties/nm-strongswan.c (modified) (2 diffs)
- trunk/src/charon/plugins/nm/nm_creds.c (modified) (7 diffs)
- trunk/src/charon/plugins/nm/nm_creds.h (modified) (1 diff)
- trunk/src/charon/plugins/nm/nm_service.c (modified) (5 diffs)
trunk/src/charon/plugins/nm/gnome/nm-strongswan-service.name.in
r4241 r4261 5 5 6 6 [GNOME] 7 auth-dialog= nm-strongswan-auth-dialog7 auth-dialog=@LIBEXECDIR@/nm-strongswan-auth-dialog 8 8 properties=libnm-strongswan-properties trunk/src/charon/plugins/nm/gnome/properties/nm-strongswan.c
r4257 r4261 179 179 if (!widget) 180 180 return FALSE; 181 gtk_combo_box_append_text (GTK_COMBO_BOX (widget), "EAP"); 181 gtk_combo_box_append_text (GTK_COMBO_BOX (widget), _("EAP")); 182 gtk_combo_box_append_text (GTK_COMBO_BOX (widget), _("PSK (insecure)")); 182 183 value = g_hash_table_lookup (settings->data, "method"); 183 184 if (value) { 184 if (g_strcasecmp (value, " EAP") == 0) {185 if (g_strcasecmp (value, "eap") == 0) { 185 186 gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 0); 187 } 188 if (g_strcasecmp (value, "psk") == 0) { 189 gtk_combo_box_set_active (GTK_COMBO_BOX (widget), 1); 186 190 } 187 191 } … … 273 277 274 278 widget = glade_xml_get_widget (priv->xml, "method-combo"); 275 str = (char *) gtk_combo_box_get_active_text (GTK_COMBO_BOX (widget)); 276 if (str) { 277 g_hash_table_insert (settings->data, g_strdup ("method"), g_strdup(str)); 278 } 279 switch (gtk_combo_box_get_active (GTK_COMBO_BOX (widget))) 280 { 281 default: 282 str = "eap"; 283 break; 284 case 1: 285 str = "psk"; 286 break; 287 case 2: 288 str = "pubkey"; 289 break; 290 } 291 g_hash_table_insert (settings->data, g_strdup ("method"), g_strdup(str)); 279 292 280 293 widget = glade_xml_get_widget (priv->xml, "virtual-check"); trunk/src/charon/plugins/nm/nm_creds.c
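Review bot: In nm-strongswan.c the save path maps combo index 2 to `"pubkey"`, but the load hunk appends only two entries (EAP, PSK) and has no branch that restores a stored `"pubkey"`. A connection whose `method` is `"pubkey"` therefore opens with no active selection, and because `gtk_combo_box_get_active` then falls into `default:`, the next save rewrites it as `"eap"`, silently changing the authentication method. Either drop `case 2` until the entry exists, or append the third entry and add a matching load branch. The second `if (g_strcasecmp (value, "psk") == 0)` would also read better as `else if`. Both functions start and end outside their hunks.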
r4257 r4261 41 41 42 42 /** 43 * User name 44 */ 45 identification_t *user; 46 47 /** 43 48 * User password 44 49 */ … … 58 63 identification_t *id, bool trusted) 59 64 { 60 if (!this->cert || 61 (cert != CERT_ANY && cert != this->cert->get_type(this->cert))) 62 { 63 return NULL; 64 } 65 if (!this->cert) 66 { 67 return NULL; 68 } 69 if (cert != CERT_ANY && cert != this->cert->get_type(this->cert)) 70 { 71 return NULL; 72 } 73 if (id && !this->cert->has_subject(this->cert, id)) 74 { 75 return NULL; 76 } 77 if (key != KEY_ANY) 78 { 79 public_key_t *public; 80 81 public = this->cert->get_public_key(this->cert); 82 if (!public) 83 { 84 return NULL; 85 } 86 if (public->get_type(public) != key) 87 { 88 public->destroy(public); 89 return NULL; 90 } 91 public->destroy(public); 92 } 93 pthread_rwlock_rdlock(&this->lock); 65 94 return enumerator_create_cleaner(enumerator_create_single(this->cert, NULL), 66 95 (void*)pthread_rwlock_unlock, &this->lock); 67 96 } 68 97 98 /** 99 * shared key enumerator implementation 100 */ 101 typedef struct { 102 enumerator_t public; 103 private_nm_creds_t *this; 104 shared_key_t *key; 105 bool done; 106 } shared_enumerator_t; 107 108 /** 109 * enumerate function for shared enumerator 110 */ 111 static bool shared_enumerate(shared_enumerator_t *this, shared_key_t **key, 112 id_match_t *me, id_match_t *other) 113 { 114 if (this->done) 115 { 116 return FALSE; 117 } 118 *key = this->key; 119 *me = ID_MATCH_PERFECT; 120 *other = ID_MATCH_ANY; 121 this->done = TRUE; 122 return TRUE; 123 } 124 125 /** 126 * Destroy function for shared enumerator 127 */ 128 static void shared_destroy(shared_enumerator_t *this) 129 { 130 this->key->destroy(this->key); 131 pthread_rwlock_unlock(&this->this->lock); 132 free(this); 133 } 69 134 /** 70 135 * Implements credential_set_t.create_cert_enumerator … … 74 139 identification_t *other) 75 140 { 76 shared_key_t *key; 77 78 if (!this->pass || (type != SHARED_EAP && type != SHARED_IKE)) 79 { 80 return NULL; 81 } 82 
key = shared_key_create(type, chunk_clone( 83 chunk_create(this->pass, strlen(this->pass)))); 84 return enumerator_create_cleaner( 85 enumerator_create_single(key, (void*)key->destroy), 86 (void*)pthread_rwlock_unlock, &this->lock); 141 shared_enumerator_t *enumerator; 142 143 if (!this->pass || !this->user) 144 { 145 return NULL; 146 } 147 if (type != SHARED_EAP && type != SHARED_IKE) 148 { 149 return NULL; 150 } 151 if (me && !me->equals(me, this->user)) 152 { 153 return NULL; 154 } 155 156 enumerator = malloc_thing(shared_enumerator_t); 157 enumerator->public.enumerate = (void*)shared_enumerate; 158 enumerator->public.destroy = (void*)shared_destroy; 159 enumerator->this = this; 160 enumerator->done = FALSE; 161 pthread_rwlock_rdlock(&this->lock); 162 enumerator->key = shared_key_create(type, 163 chunk_clone(chunk_create(this->pass, 164 strlen(this->pass)))); 165 return &enumerator->public; 87 166 } 88 167 … … 101 180 * Implementation of nm_creds_t.set_password 102 181 */ 103 static void set_password(private_nm_creds_t *this, char *password) 182 static void set_password(private_nm_creds_t *this, identification_t *id, 183 char *password) 104 184 { 105 185 pthread_rwlock_wrlock(&this->lock); 186 DESTROY_IF(this->user); 187 this->user = id->clone(id); 106 188 free(this->pass); 107 189 this->pass = strdup(password); … … 115 197 { 116 198 DESTROY_IF(this->cert); 199 DESTROY_IF(this->user); 117 200 free(this->pass); 118 201 pthread_rwlock_destroy(&this->lock); … … 133 216 this->public.set.cache_cert = (void*)nop; 134 217 this->public.set_certificate = (void(*)(nm_creds_t*, certificate_t *cert))set_certificate; 135 this->public.set_password = (void(*)(nm_creds_t*, char *password))set_password;218 this->public.set_password = (void(*)(nm_creds_t*, identification_t *id, char *password))set_password; 136 219 this->public.destroy = (void(*)(nm_creds_t*))destroy; 137 220 … … 139 222 140 223 this->cert = NULL; 224 this->user = NULL; 141 225 this->pass = NULL; 142 226 
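Review bot: In nm_creds.c both enumerator constructors read the shared credentials before taking the lock. create_cert_enumerator dereferences `this->cert` (get_type, has_subject, get_public_key), and create_shared_enumerator tests `this->pass`/`this->user` and calls `me->equals(me, this->user)`; only afterwards do they call `pthread_rwlock_rdlock(&this->lock)`. set_password destroys and replaces `this->user` and `this->pass` under the write lock, so a concurrent update can free the object these checks are still using. Take the read lock first and release it on every early `return NULL`; the fence shows this for the shared-key case, and the certificate case follows the same pattern. Both function signatures begin outside their hunks.

```c
	shared_enumerator_t *enumerator;

	if (type != SHARED_EAP && type != SHARED_IKE)
	{
		return NULL;
	}
	/* hold the read lock while this->pass / this->user are inspected */
	pthread_rwlock_rdlock(&this->lock);
	if (!this->pass || !this->user ||
		(me && !me->equals(me, this->user)))
	{
		pthread_rwlock_unlock(&this->lock);
		return NULL;
	}
	/* … unchanged: enumerator allocation and shared_key_create, minus the later rdlock … */
```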
trunk/src/charon/plugins/nm/nm_creds.h
r4257 r4261 46 46 47 47 /** 48 * Set the user spassword for authentication.48 * Set the username/password for authentication. 49 49 * 50 * @param id ID of the user 50 51 * @param password password to use for authentication 51 52 */ 52 void (*set_password)(nm_creds_t *this, char *password);53 void (*set_password)(nm_creds_t *this, identification_t *id, char *password); 53 54 54 55 /** trunk/src/charon/plugins/nm/nm_service.c
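Review bot: In nm_creds.h the new `@param id` line does not say who owns the identification after the call. The implementation in nm_creds.c stores a copy (`this->user = id->clone(id)`), so the caller keeps ownership; the line could read `@param id ID of the user, gets cloned`. It is also worth stating that `id` must not be NULL, since set_password dereferences it unconditionally.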
r4257 r4261 143 143 case IKE_UP_FAILED: 144 144 case CHD_UP_FAILED: 145 /* TODO: NM does not handle this failure!? 145 146 nm_vpn_plugin_failure(private->plugin, 146 NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED); 147 /* TODO: NM does not react on this failure!? So additionaly 148 * reset state */ 147 NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED); */ 149 148 nm_vpn_plugin_set_state(private->plugin, 150 149 NM_VPN_SERVICE_STATE_STOPPED); … … 173 172 traffic_selector_t *ts; 174 173 ike_sa_t *ike_sa; 174 config_auth_method_t method = CONF_AUTH_EAP; 175 175 176 176 /** … … 208 208 str = g_hash_table_lookup(settings->data, "ipcomp"); 209 209 ipcomp = str && streq(str, "yes"); 210 str = g_hash_table_lookup(settings->data, "method"); 211 if (str) 212 { 213 if (streq(str, "psk")) 214 { 215 method = CONF_AUTH_PSK; 216 } 217 else if (streq(str, "pubkey")) 218 { 219 method = CONF_AUTH_PUBKEY; 220 } 221 } 210 222 211 223 /** … … 226 238 if (str) 227 239 { 228 creds->set_password(creds, str);240 creds->set_password(creds, user, str); 229 241 } 230 242 … … 236 248 peer_cfg = peer_cfg_create(CONFIG_NAME, 2, ike_cfg, user, 237 249 identification_create_from_encoding(ID_ANY, chunk_empty), 238 CERT_SEND_IF_ASKED, UNIQUE_REPLACE, CONF_AUTH_PSK,250 CERT_SEND_IF_ASKED, UNIQUE_REPLACE, method, 239 251 0, 0, 1, /* EAP method, vendor, keyingtries */ 240 252 18000, 0, /* rekey 5h, reauth none */
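Review bot: In nm_service.c the new `method` parsing silently keeps `CONF_AUTH_EAP` for any value other than `"psk"` or `"pubkey"`, and it compares with `streq` while the GNOME editor reads the same key with `g_strcasecmp`. A stored value such as `"PSK"` is therefore shown as PSK in the dialog but connects with EAP, and nothing is logged. Consider matching case-insensitively and logging unrecognised values, for example `else if (!streq(str, "eap")) { DBG1(DBG_CFG, "unknown auth method '%s', using EAP", str); }`. The enclosing function starts and ends outside the hunk.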
