2 * Copyright (C) 2013 Tobias Brunner
3 * Copyright (C) 2008-2009 Martin Willi
4 * Hochschule fuer Technik Rapperswil
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 #include <nm-setting-vpn.h>
18 #include <nm-setting-connection.h>
19 #include "nm_service.h"
22 #include <networking/host.h>
23 #include <utils/identification.h>
24 #include <config/peer_cfg.h>
25 #include <credentials/certificates/x509.h>
29 G_DEFINE_TYPE(NMStrongswanPlugin
, nm_strongswan_plugin
, NM_TYPE_VPN_PLUGIN
)
32 * Private data of NMStrongswanPlugin
35 /* implements bus listener interface */
37 /* IKE_SA we are listening on */
39 /* backref to public plugin */
41 /* credentials to use for authentication */
43 /* attribute handler for DNS/NBNS server information */
44 nm_handler_t
*handler
;
45 /* name of the connection */
47 } NMStrongswanPluginPrivate
;
49 #define NM_STRONGSWAN_PLUGIN_GET_PRIVATE(o) \
50 (G_TYPE_INSTANCE_GET_PRIVATE ((o), \
51 NM_TYPE_STRONGSWAN_PLUGIN, NMStrongswanPluginPrivate))
54 * convert enumerated handler chunks to a UINT_ARRAY GValue
56 static GValue
* handler_to_val(nm_handler_t
*handler
,
57 configuration_attribute_type_t type
)
61 enumerator_t
*enumerator
;
64 enumerator
= handler
->create_enumerator(handler
, type
);
65 array
= g_array_new (FALSE
, TRUE
, sizeof (guint32
));
66 while (enumerator
->enumerate(enumerator
, &chunk
))
68 g_array_append_val (array
, *(uint32_t*)chunk
.ptr
);
70 enumerator
->destroy(enumerator
);
71 val
= g_slice_new0 (GValue
);
72 g_value_init (val
, DBUS_TYPE_G_UINT_ARRAY
);
73 g_value_set_boxed (val
, array
);
79 * signal IPv4 config to NM, set connection as established
81 static void signal_ipv4_config(NMVPNPlugin
*plugin
,
82 ike_sa_t
*ike_sa
, child_sa_t
*child_sa
)
84 NMStrongswanPluginPrivate
*priv
= NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin
);
87 enumerator_t
*enumerator
;
89 nm_handler_t
*handler
;
91 config
= g_hash_table_new(g_str_hash
, g_str_equal
);
92 handler
= priv
->handler
;
94 /* NM apparently requires to know the gateway */
95 val
= g_slice_new0 (GValue
);
96 g_value_init (val
, G_TYPE_UINT
);
97 other
= ike_sa
->get_other_host(ike_sa
);
98 g_value_set_uint (val
, *(uint32_t*)other
->get_address(other
).ptr
);
99 g_hash_table_insert (config
, NM_VPN_PLUGIN_IP4_CONFIG_EXT_GATEWAY
, val
);
101 /* NM installs this IP address on the interface above, so we use the VIP if
104 enumerator
= ike_sa
->create_virtual_ip_enumerator(ike_sa
, TRUE
);
105 if (!enumerator
->enumerate(enumerator
, &me
))
107 me
= ike_sa
->get_my_host(ike_sa
);
109 enumerator
->destroy(enumerator
);
110 val
= g_slice_new0(GValue
);
111 g_value_init(val
, G_TYPE_UINT
);
112 g_value_set_uint(val
, *(uint32_t*)me
->get_address(me
).ptr
);
113 g_hash_table_insert(config
, NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS
, val
);
115 val
= g_slice_new0(GValue
);
116 g_value_init(val
, G_TYPE_UINT
);
117 g_value_set_uint(val
, me
->get_address(me
).len
* 8);
118 g_hash_table_insert(config
, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX
, val
);
120 /* prevent NM from changing the default route. we set our own route in our
123 val
= g_slice_new0(GValue
);
124 g_value_init(val
, G_TYPE_BOOLEAN
);
125 g_value_set_boolean(val
, TRUE
);
126 g_hash_table_insert(config
, NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT
, val
);
128 val
= handler_to_val(handler
, INTERNAL_IP4_DNS
);
129 g_hash_table_insert(config
, NM_VPN_PLUGIN_IP4_CONFIG_DNS
, val
);
131 val
= handler_to_val(handler
, INTERNAL_IP4_NBNS
);
132 g_hash_table_insert(config
, NM_VPN_PLUGIN_IP4_CONFIG_NBNS
, val
);
134 handler
->reset(handler
);
136 nm_vpn_plugin_set_ip4_config(plugin
, config
);
140 * signal failure to NM, connecting failed
142 static void signal_failure(NMVPNPlugin
*plugin
, NMVPNPluginFailure failure
)
144 nm_handler_t
*handler
= NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin
)->handler
;
146 handler
->reset(handler
);
148 /* TODO: NM does not handle this failure!? */
149 nm_vpn_plugin_failure(plugin
, failure
);
150 nm_vpn_plugin_set_state(plugin
, NM_VPN_SERVICE_STATE_STOPPED
);
154 * Implementation of listener_t.ike_state_change
156 static bool ike_state_change(listener_t
*listener
, ike_sa_t
*ike_sa
,
157 ike_sa_state_t state
)
159 NMStrongswanPluginPrivate
*private = (NMStrongswanPluginPrivate
*)listener
;
161 if (private->ike_sa
== ike_sa
&& state
== IKE_DESTROYING
)
163 signal_failure(private->plugin
, NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED
);
170 * Implementation of listener_t.child_state_change
172 static bool child_state_change(listener_t
*listener
, ike_sa_t
*ike_sa
,
173 child_sa_t
*child_sa
, child_sa_state_t state
)
175 NMStrongswanPluginPrivate
*private = (NMStrongswanPluginPrivate
*)listener
;
177 if (private->ike_sa
== ike_sa
&& state
== CHILD_DESTROYING
)
179 signal_failure(private->plugin
, NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED
);
186 * Implementation of listener_t.child_updown
188 static bool child_updown(listener_t
*listener
, ike_sa_t
*ike_sa
,
189 child_sa_t
*child_sa
, bool up
)
191 NMStrongswanPluginPrivate
*private = (NMStrongswanPluginPrivate
*)listener
;
193 if (private->ike_sa
== ike_sa
)
196 { /* disable initiate-failure-detection hooks */
197 private->listener
.ike_state_change
= NULL
;
198 private->listener
.child_state_change
= NULL
;
199 signal_ipv4_config(private->plugin
, ike_sa
, child_sa
);
203 signal_failure(private->plugin
, NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED
);
211 * Implementation of listener_t.ike_rekey
213 static bool ike_rekey(listener_t
*listener
, ike_sa_t
*old
, ike_sa_t
*new)
215 NMStrongswanPluginPrivate
*private = (NMStrongswanPluginPrivate
*)listener
;
217 if (private->ike_sa
== old
)
218 { /* follow a rekeyed IKE_SA */
219 private->ike_sa
= new;
225 * Find a certificate for which we have a private key on a smartcard
227 static identification_t
*find_smartcard_key(NMStrongswanPluginPrivate
*priv
,
230 enumerator_t
*enumerator
, *sans
;
231 identification_t
*id
= NULL
;
237 enumerator
= lib
->credmgr
->create_cert_enumerator(lib
->credmgr
,
238 CERT_X509
, KEY_ANY
, NULL
, FALSE
);
239 while (enumerator
->enumerate(enumerator
, &cert
))
241 x509
= (x509_t
*)cert
;
243 /* there might be a lot of certificates, filter them by usage */
244 if ((x509
->get_flags(x509
) & X509_CLIENT_AUTH
) &&
245 !(x509
->get_flags(x509
) & X509_CA
))
247 keyid
= x509
->get_subjectKeyIdentifier(x509
);
250 /* try to find a private key by the certificate keyid */
251 priv
->creds
->set_pin(priv
->creds
, keyid
, pin
);
252 key
= lib
->creds
->create(lib
->creds
, CRED_PRIVATE_KEY
,
253 KEY_ANY
, BUILD_PKCS11_KEYID
, keyid
, BUILD_END
);
256 /* prefer a more convenient subjectAltName */
257 sans
= x509
->create_subjectAltName_enumerator(x509
);
258 if (!sans
->enumerate(sans
, &id
))
260 id
= cert
->get_subject(cert
);
265 DBG1(DBG_CFG
, "using smartcard certificate '%Y'", id
);
266 priv
->creds
->set_cert_and_key(priv
->creds
,
267 cert
->get_ref(cert
), key
);
273 enumerator
->destroy(enumerator
);
278 * Connect function called from NM via DBUS
280 static gboolean
connect_(NMVPNPlugin
*plugin
, NMConnection
*connection
,
283 NMStrongswanPluginPrivate
*priv
;
284 NMSettingConnection
*conn
;
286 enumerator_t
*enumerator
;
287 identification_t
*user
= NULL
, *gateway
= NULL
;
288 const char *address
, *str
;
289 bool virtual, encap
, proposal
;
292 peer_cfg_t
*peer_cfg
;
293 child_cfg_t
*child_cfg
;
294 traffic_selector_t
*ts
;
297 auth_class_t auth_class
= AUTH_CLASS_EAP
;
298 certificate_t
*cert
= NULL
;
300 bool agent
= FALSE
, smartcard
= FALSE
, loose_gateway_id
= FALSE
;
301 peer_cfg_create_t peer
= {
302 .cert_policy
= CERT_SEND_IF_ASKED
,
303 .unique
= UNIQUE_REPLACE
,
305 .rekey_time
= 36000, /* 10h */
306 .jitter_time
= 600, /* 10min */
307 .over_time
= 600, /* 10min */
309 child_cfg_create_t child
= {
312 .life
= 10800 /* 3h */,
313 .rekey
= 10200 /* 2h50min */,
314 .jitter
= 300 /* 5min */
323 priv
= NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin
);
324 conn
= NM_SETTING_CONNECTION(nm_connection_get_setting(connection
,
325 NM_TYPE_SETTING_CONNECTION
));
326 vpn
= NM_SETTING_VPN(nm_connection_get_setting(connection
,
327 NM_TYPE_SETTING_VPN
));
332 priv
->name
= strdup(nm_setting_connection_get_id(conn
));
333 DBG1(DBG_CFG
, "received initiate for NetworkManager connection %s",
336 nm_setting_to_string(NM_SETTING(vpn
)));
337 address
= nm_setting_vpn_get_data_item(vpn
, "address");
338 if (!address
|| !*address
)
340 g_set_error(err
, NM_VPN_PLUGIN_ERROR
, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS
,
341 "Gateway address missing.");
344 str
= nm_setting_vpn_get_data_item(vpn
, "virtual");
345 virtual = streq(str
, "yes");
346 str
= nm_setting_vpn_get_data_item(vpn
, "encap");
347 encap
= streq(str
, "yes");
348 str
= nm_setting_vpn_get_data_item(vpn
, "ipcomp");
349 child
.options
|= streq(str
, "yes") ? OPT_IPCOMP
: 0;
350 str
= nm_setting_vpn_get_data_item(vpn
, "method");
351 if (streq(str
, "psk"))
353 auth_class
= AUTH_CLASS_PSK
;
355 else if (streq(str
, "agent"))
357 auth_class
= AUTH_CLASS_PUBKEY
;
360 else if (streq(str
, "key"))
362 auth_class
= AUTH_CLASS_PUBKEY
;
364 else if (streq(str
, "smartcard"))
366 auth_class
= AUTH_CLASS_PUBKEY
;
371 * Register credentials
373 priv
->creds
->clear(priv
->creds
);
375 /* gateway/CA cert */
376 str
= nm_setting_vpn_get_data_item(vpn
, "certificate");
379 cert
= lib
->creds
->create(lib
->creds
, CRED_CERTIFICATE
, CERT_X509
,
380 BUILD_FROM_FILE
, str
, BUILD_END
);
383 g_set_error(err
, NM_VPN_PLUGIN_ERROR
,
384 NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS
,
385 "Loading gateway certificate failed.");
388 priv
->creds
->add_certificate(priv
->creds
, cert
);
390 x509
= (x509_t
*)cert
;
391 if (!(x509
->get_flags(x509
) & X509_CA
))
392 { /* For a gateway certificate, we use the cert subject as identity. */
393 gateway
= cert
->get_subject(cert
);
394 gateway
= gateway
->clone(gateway
);
395 DBG1(DBG_CFG
, "using gateway certificate, identity '%Y'", gateway
);
400 /* no certificate defined, fall back to system-wide CA certificates */
401 priv
->creds
->load_ca_dir(priv
->creds
, lib
->settings
->get_str(
402 lib
->settings
, "charon-nm.ca_dir", NM_CA_DIR
));
406 /* If the user configured a CA certificate, we use the IP/DNS
407 * of the gateway as its identity. This identity will be used for
408 * certificate lookup and requires the configured IP/DNS to be
409 * included in the gateway certificate. */
410 gateway
= identification_create_from_string((char*)address
);
411 DBG1(DBG_CFG
, "using CA certificate, gateway identity '%Y'", gateway
);
412 loose_gateway_id
= TRUE
;
415 if (auth_class
== AUTH_CLASS_EAP
||
416 auth_class
== AUTH_CLASS_PSK
)
418 /* username/password or PSK authentication ... */
419 str
= nm_setting_vpn_get_data_item(vpn
, "user");
422 user
= identification_create_from_string((char*)str
);
423 str
= nm_setting_vpn_get_secret(vpn
, "password");
424 if (auth_class
== AUTH_CLASS_PSK
&&
427 g_set_error(err
, NM_VPN_PLUGIN_ERROR
,
428 NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS
,
429 "pre-shared key is too short.");
430 gateway
->destroy(gateway
);
434 priv
->creds
->set_username_password(priv
->creds
, user
, (char*)str
);
438 if (auth_class
== AUTH_CLASS_PUBKEY
)
444 pin
= (char*)nm_setting_vpn_get_secret(vpn
, "password");
447 user
= find_smartcard_key(priv
, pin
);
451 g_set_error(err
, NM_VPN_PLUGIN_ERROR
,
452 NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS
,
453 "no usable smartcard certificate found.");
454 gateway
->destroy(gateway
);
458 /* ... or certificate/private key authenitcation */
459 else if ((str
= nm_setting_vpn_get_data_item(vpn
, "usercert")))
461 public_key_t
*public;
462 private_key_t
*private = NULL
;
464 cert
= lib
->creds
->create(lib
->creds
, CRED_CERTIFICATE
, CERT_X509
,
465 BUILD_FROM_FILE
, str
, BUILD_END
);
468 g_set_error(err
, NM_VPN_PLUGIN_ERROR
,
469 NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS
,
470 "Loading peer certificate failed.");
471 gateway
->destroy(gateway
);
475 str
= nm_setting_vpn_get_secret(vpn
, "agent");
478 public = cert
->get_public_key(cert
);
481 private = lib
->creds
->create(lib
->creds
, CRED_PRIVATE_KEY
,
482 public->get_type(public),
483 BUILD_AGENT_SOCKET
, str
,
484 BUILD_PUBLIC_KEY
, public,
486 public->destroy(public);
490 g_set_error(err
, NM_VPN_PLUGIN_ERROR
,
491 NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS
,
492 "Connecting to SSH agent failed.");
495 /* ... or key file */
496 str
= nm_setting_vpn_get_data_item(vpn
, "userkey");
501 secret
= (char*)nm_setting_vpn_get_secret(vpn
, "password");
504 priv
->creds
->set_key_password(priv
->creds
, secret
);
506 private = lib
->creds
->create(lib
->creds
, CRED_PRIVATE_KEY
,
507 KEY_RSA
, BUILD_FROM_FILE
, str
, BUILD_END
);
510 g_set_error(err
, NM_VPN_PLUGIN_ERROR
,
511 NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS
,
512 "Loading private key failed.");
517 user
= cert
->get_subject(cert
);
518 user
= user
->clone(user
);
519 priv
->creds
->set_cert_and_key(priv
->creds
, cert
, private);
524 gateway
->destroy(gateway
);
532 g_set_error(err
, NM_VPN_PLUGIN_ERROR
, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS
,
533 "Configuration parameters missing.");
534 gateway
->destroy(gateway
);
539 * Set up configurations
541 ike_cfg
= ike_cfg_create(IKEV2
, TRUE
, encap
, "0.0.0.0",
542 charon
->socket
->get_port(charon
->socket
, FALSE
),
543 (char*)address
, IKEV2_UDP_PORT
,
544 FRAGMENTATION_YES
, 0);
546 str
= nm_setting_vpn_get_data_item(vpn
, "proposal");
547 proposal
= streq(str
, "yes");
548 str
= nm_setting_vpn_get_data_item(vpn
, "ike");
549 if (proposal
&& str
&& strlen(str
))
551 enumerator
= enumerator_create_token(str
, ";", "");
552 while (enumerator
->enumerate(enumerator
, &str
))
554 prop
= proposal_create_from_string(PROTO_IKE
, str
);
557 g_set_error(err
, NM_VPN_PLUGIN_ERROR
,
558 NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED
,
559 "Invalid IKE proposal.");
560 enumerator
->destroy(enumerator
);
561 ike_cfg
->destroy(ike_cfg
);
562 gateway
->destroy(gateway
);
566 ike_cfg
->add_proposal(ike_cfg
, prop
);
568 enumerator
->destroy(enumerator
);
572 ike_cfg
->add_proposal(ike_cfg
, proposal_create_default(PROTO_IKE
));
573 ike_cfg
->add_proposal(ike_cfg
, proposal_create_default_aead(PROTO_IKE
));
576 peer_cfg
= peer_cfg_create(priv
->name
, ike_cfg
, &peer
);
579 peer_cfg
->add_virtual_ip(peer_cfg
, host_create_from_string("0.0.0.0", 0));
581 auth
= auth_cfg_create();
582 auth
->add(auth
, AUTH_RULE_AUTH_CLASS
, auth_class
);
583 auth
->add(auth
, AUTH_RULE_IDENTITY
, user
);
584 peer_cfg
->add_auth_cfg(peer_cfg
, auth
, TRUE
);
585 auth
= auth_cfg_create();
586 if (auth_class
== AUTH_CLASS_PSK
)
588 auth
->add(auth
, AUTH_RULE_AUTH_CLASS
, AUTH_CLASS_PSK
);
592 auth
->add(auth
, AUTH_RULE_AUTH_CLASS
, AUTH_CLASS_PUBKEY
);
594 auth
->add(auth
, AUTH_RULE_IDENTITY
, gateway
);
595 auth
->add(auth
, AUTH_RULE_IDENTITY_LOOSE
, loose_gateway_id
);
596 peer_cfg
->add_auth_cfg(peer_cfg
, auth
, FALSE
);
598 child_cfg
= child_cfg_create(priv
->name
, &child
);
599 str
= nm_setting_vpn_get_data_item(vpn
, "esp");
600 if (proposal
&& str
&& strlen(str
))
602 enumerator
= enumerator_create_token(str
, ";", "");
603 while (enumerator
->enumerate(enumerator
, &str
))
605 prop
= proposal_create_from_string(PROTO_ESP
, str
);
608 g_set_error(err
, NM_VPN_PLUGIN_ERROR
,
609 NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED
,
610 "Invalid ESP proposal.");
611 enumerator
->destroy(enumerator
);
612 child_cfg
->destroy(child_cfg
);
613 peer_cfg
->destroy(peer_cfg
);
616 child_cfg
->add_proposal(child_cfg
, prop
);
618 enumerator
->destroy(enumerator
);
622 child_cfg
->add_proposal(child_cfg
, proposal_create_default(PROTO_ESP
));
623 child_cfg
->add_proposal(child_cfg
, proposal_create_default_aead(PROTO_ESP
));
625 ts
= traffic_selector_create_dynamic(0, 0, 65535);
626 child_cfg
->add_traffic_selector(child_cfg
, TRUE
, ts
);
627 ts
= traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE
,
629 "255.255.255.255", 65535);
630 child_cfg
->add_traffic_selector(child_cfg
, FALSE
, ts
);
631 peer_cfg
->add_child_cfg(peer_cfg
, child_cfg
);
636 ike_sa
= charon
->ike_sa_manager
->checkout_by_config(charon
->ike_sa_manager
,
640 peer_cfg
->destroy(peer_cfg
);
641 g_set_error(err
, NM_VPN_PLUGIN_ERROR
, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED
,
642 "IKE version not supported.");
645 if (!ike_sa
->get_peer_cfg(ike_sa
))
647 ike_sa
->set_peer_cfg(ike_sa
, peer_cfg
);
649 peer_cfg
->destroy(peer_cfg
);
652 * Register listener, enable initiate-failure-detection hooks
654 priv
->ike_sa
= ike_sa
;
655 priv
->listener
.ike_state_change
= ike_state_change
;
656 priv
->listener
.child_state_change
= child_state_change
;
657 charon
->bus
->add_listener(charon
->bus
, &priv
->listener
);
662 child_cfg
->get_ref(child_cfg
);
663 if (ike_sa
->initiate(ike_sa
, child_cfg
, 0, NULL
, NULL
) != SUCCESS
)
665 charon
->bus
->remove_listener(charon
->bus
, &priv
->listener
);
666 charon
->ike_sa_manager
->checkin_and_destroy(charon
->ike_sa_manager
, ike_sa
);
668 g_set_error(err
, NM_VPN_PLUGIN_ERROR
, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED
,
669 "Initiating failed.");
672 charon
->ike_sa_manager
->checkin(charon
->ike_sa_manager
, ike_sa
);
677 * NeedSecrets called from NM via DBUS
679 static gboolean
need_secrets(NMVPNPlugin
*plugin
, NMConnection
*connection
,
680 char **setting_name
, GError
**error
)
682 NMSettingVPN
*settings
;
683 const char *method
, *path
;
685 settings
= NM_SETTING_VPN(nm_connection_get_setting(connection
,
686 NM_TYPE_SETTING_VPN
));
687 method
= nm_setting_vpn_get_data_item(settings
, "method");
690 if (streq(method
, "eap") || streq(method
, "psk"))
692 if (nm_setting_vpn_get_secret(settings
, "password"))
697 else if (streq(method
, "agent"))
699 if (nm_setting_vpn_get_secret(settings
, "agent"))
704 else if (streq(method
, "key"))
706 path
= nm_setting_vpn_get_data_item(settings
, "userkey");
711 /* try to load/decrypt the private key */
712 key
= lib
->creds
->create(lib
->creds
, CRED_PRIVATE_KEY
,
713 KEY_RSA
, BUILD_FROM_FILE
, path
, BUILD_END
);
719 else if (nm_setting_vpn_get_secret(settings
, "password"))
725 else if (streq(method
, "smartcard"))
727 if (nm_setting_vpn_get_secret(settings
, "password"))
733 *setting_name
= NM_SETTING_VPN_SETTING_NAME
;
738 * Disconnect called from NM via DBUS
740 static gboolean
disconnect(NMVPNPlugin
*plugin
, GError
**err
)
742 NMStrongswanPluginPrivate
*priv
= NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin
);
743 enumerator_t
*enumerator
;
747 /* our ike_sa pointer might be invalid, lookup sa */
748 enumerator
= charon
->controller
->create_ike_sa_enumerator(
749 charon
->controller
, TRUE
);
750 while (enumerator
->enumerate(enumerator
, &ike_sa
))
752 if (priv
->ike_sa
== ike_sa
)
754 id
= ike_sa
->get_unique_id(ike_sa
);
755 enumerator
->destroy(enumerator
);
756 charon
->controller
->terminate_ike(charon
->controller
, id
,
757 controller_cb_empty
, NULL
, 0);
761 enumerator
->destroy(enumerator
);
763 g_set_error(err
, NM_VPN_PLUGIN_ERROR
, NM_VPN_PLUGIN_ERROR_GENERAL
,
764 "Connection not found.");
771 static void nm_strongswan_plugin_init(NMStrongswanPlugin
*plugin
)
773 NMStrongswanPluginPrivate
*priv
;
775 priv
= NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin
);
776 priv
->plugin
= NM_VPN_PLUGIN(plugin
);
777 memset(&priv
->listener
, 0, sizeof(listener_t
));
778 priv
->listener
.child_updown
= child_updown
;
779 priv
->listener
.ike_rekey
= ike_rekey
;
786 static void nm_strongswan_plugin_class_init(
787 NMStrongswanPluginClass
*strongswan_class
)
789 NMVPNPluginClass
*parent_class
= NM_VPN_PLUGIN_CLASS(strongswan_class
);
791 g_type_class_add_private(G_OBJECT_CLASS(strongswan_class
),
792 sizeof(NMStrongswanPluginPrivate
));
793 parent_class
->connect
= connect_
;
794 parent_class
->need_secrets
= need_secrets
;
795 parent_class
->disconnect
= disconnect
;
801 NMStrongswanPlugin
*nm_strongswan_plugin_new(nm_creds_t
*creds
,
802 nm_handler_t
*handler
)
804 NMStrongswanPlugin
*plugin
= (NMStrongswanPlugin
*)g_object_new (
805 NM_TYPE_STRONGSWAN_PLUGIN
,
806 NM_VPN_PLUGIN_DBUS_SERVICE_NAME
, NM_DBUS_SERVICE_STRONGSWAN
,
810 NMStrongswanPluginPrivate
*priv
;
812 /* the rest of the initialization happened in _init above */
813 priv
= NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin
);
815 priv
->handler
= handler
;