2 * Copyright (C) 2013 Tobias Brunner
3 * Copyright (C) 2008-2009 Martin Willi
4 * Hochschule fuer Technik Rapperswil
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 #include <nm-setting-vpn.h>
18 #include <nm-setting-connection.h>
19 #include "nm_service.h"
22 #include <networking/host.h>
23 #include <utils/identification.h>
24 #include <config/peer_cfg.h>
25 #include <credentials/certificates/x509.h>
26 #include <networking/tun_device.h>
30 G_DEFINE_TYPE(NMStrongswanPlugin
, nm_strongswan_plugin
, NM_TYPE_VPN_PLUGIN
)
33 * Private data of NMStrongswanPlugin
36 /* implements bus listener interface */
38 /* IKE_SA we are listening on */
40 /* backref to public plugin */
42 /* credentials to use for authentication */
44 /* attribute handler for DNS/NBNS server information */
45 nm_handler_t
*handler
;
46 /* dummy TUN device */
48 /* name of the connection */
50 } NMStrongswanPluginPrivate
;
52 #define NM_STRONGSWAN_PLUGIN_GET_PRIVATE(o) \
53 (G_TYPE_INSTANCE_GET_PRIVATE ((o), \
54 NM_TYPE_STRONGSWAN_PLUGIN, NMStrongswanPluginPrivate))
57 * convert enumerated handler chunks to a UINT_ARRAY GValue
59 static GValue
* handler_to_val(nm_handler_t
*handler
,
60 configuration_attribute_type_t type
)
64 enumerator_t
*enumerator
;
67 enumerator
= handler
->create_enumerator(handler
, type
);
68 array
= g_array_new (FALSE
, TRUE
, sizeof (guint32
));
69 while (enumerator
->enumerate(enumerator
, &chunk
))
71 g_array_append_val (array
, *(u_int32_t
*)chunk
.ptr
);
73 enumerator
->destroy(enumerator
);
74 val
= g_slice_new0 (GValue
);
75 g_value_init (val
, DBUS_TYPE_G_UINT_ARRAY
);
76 g_value_set_boxed (val
, array
);
82 * signal IPv4 config to NM, set connection as established
84 static void signal_ipv4_config(NMVPNPlugin
*plugin
,
85 ike_sa_t
*ike_sa
, child_sa_t
*child_sa
)
87 NMStrongswanPluginPrivate
*priv
= NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin
);
90 enumerator_t
*enumerator
;
92 nm_handler_t
*handler
;
94 config
= g_hash_table_new(g_str_hash
, g_str_equal
);
95 handler
= priv
->handler
;
97 /* NM requires a tundev, but netkey does not use one. Passing the physical
98 * interface does not work, as NM fiddles around with it. So we pass a dummy
99 * TUN device along for NM to play with... */
100 val
= g_slice_new0 (GValue
);
101 g_value_init (val
, G_TYPE_STRING
);
102 g_value_set_string (val
, priv
->tun
->get_name(priv
->tun
));
103 g_hash_table_insert (config
, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV
, val
);
105 /* NM installs this IP address on the interface above, so we use the VIP if
108 enumerator
= ike_sa
->create_virtual_ip_enumerator(ike_sa
, TRUE
);
109 if (!enumerator
->enumerate(enumerator
, &me
))
111 me
= ike_sa
->get_my_host(ike_sa
);
113 enumerator
->destroy(enumerator
);
114 val
= g_slice_new0(GValue
);
115 g_value_init(val
, G_TYPE_UINT
);
116 g_value_set_uint(val
, *(u_int32_t
*)me
->get_address(me
).ptr
);
117 g_hash_table_insert(config
, NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS
, val
);
119 val
= g_slice_new0(GValue
);
120 g_value_init(val
, G_TYPE_UINT
);
121 g_value_set_uint(val
, me
->get_address(me
).len
* 8);
122 g_hash_table_insert(config
, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX
, val
);
124 /* prevent NM from changing the default route. we set our own route in our
127 val
= g_slice_new0(GValue
);
128 g_value_init(val
, G_TYPE_BOOLEAN
);
129 g_value_set_boolean(val
, TRUE
);
130 g_hash_table_insert(config
, NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT
, val
);
132 val
= handler_to_val(handler
, INTERNAL_IP4_DNS
);
133 g_hash_table_insert(config
, NM_VPN_PLUGIN_IP4_CONFIG_DNS
, val
);
135 val
= handler_to_val(handler
, INTERNAL_IP4_NBNS
);
136 g_hash_table_insert(config
, NM_VPN_PLUGIN_IP4_CONFIG_NBNS
, val
);
138 handler
->reset(handler
);
140 nm_vpn_plugin_set_ip4_config(plugin
, config
);
144 * signal failure to NM, connecting failed
146 static void signal_failure(NMVPNPlugin
*plugin
, NMVPNPluginFailure failure
)
148 nm_handler_t
*handler
= NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin
)->handler
;
150 handler
->reset(handler
);
152 /* TODO: NM does not handle this failure!? */
153 nm_vpn_plugin_failure(plugin
, failure
);
154 nm_vpn_plugin_set_state(plugin
, NM_VPN_SERVICE_STATE_STOPPED
);
158 * Implementation of listener_t.ike_state_change
160 static bool ike_state_change(listener_t
*listener
, ike_sa_t
*ike_sa
,
161 ike_sa_state_t state
)
163 NMStrongswanPluginPrivate
*private = (NMStrongswanPluginPrivate
*)listener
;
165 if (private->ike_sa
== ike_sa
&& state
== IKE_DESTROYING
)
167 signal_failure(private->plugin
, NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED
);
174 * Implementation of listener_t.child_state_change
176 static bool child_state_change(listener_t
*listener
, ike_sa_t
*ike_sa
,
177 child_sa_t
*child_sa
, child_sa_state_t state
)
179 NMStrongswanPluginPrivate
*private = (NMStrongswanPluginPrivate
*)listener
;
181 if (private->ike_sa
== ike_sa
&& state
== CHILD_DESTROYING
)
183 signal_failure(private->plugin
, NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED
);
190 * Implementation of listener_t.child_updown
192 static bool child_updown(listener_t
*listener
, ike_sa_t
*ike_sa
,
193 child_sa_t
*child_sa
, bool up
)
195 NMStrongswanPluginPrivate
*private = (NMStrongswanPluginPrivate
*)listener
;
197 if (private->ike_sa
== ike_sa
)
200 { /* disable initiate-failure-detection hooks */
201 private->listener
.ike_state_change
= NULL
;
202 private->listener
.child_state_change
= NULL
;
203 signal_ipv4_config(private->plugin
, ike_sa
, child_sa
);
207 signal_failure(private->plugin
, NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED
);
215 * Implementation of listener_t.ike_rekey
217 static bool ike_rekey(listener_t
*listener
, ike_sa_t
*old
, ike_sa_t
*new)
219 NMStrongswanPluginPrivate
*private = (NMStrongswanPluginPrivate
*)listener
;
221 if (private->ike_sa
== old
)
222 { /* follow a rekeyed IKE_SA */
223 private->ike_sa
= new;
229 * Find a certificate for which we have a private key on a smartcard
231 static identification_t
*find_smartcard_key(NMStrongswanPluginPrivate
*priv
,
234 enumerator_t
*enumerator
, *sans
;
235 identification_t
*id
= NULL
;
241 enumerator
= lib
->credmgr
->create_cert_enumerator(lib
->credmgr
,
242 CERT_X509
, KEY_ANY
, NULL
, FALSE
);
243 while (enumerator
->enumerate(enumerator
, &cert
))
245 x509
= (x509_t
*)cert
;
247 /* there might be a lot of certificates, filter them by usage */
248 if ((x509
->get_flags(x509
) & X509_CLIENT_AUTH
) &&
249 !(x509
->get_flags(x509
) & X509_CA
))
251 keyid
= x509
->get_subjectKeyIdentifier(x509
);
254 /* try to find a private key by the certificate keyid */
255 priv
->creds
->set_pin(priv
->creds
, keyid
, pin
);
256 key
= lib
->creds
->create(lib
->creds
, CRED_PRIVATE_KEY
,
257 KEY_ANY
, BUILD_PKCS11_KEYID
, keyid
, BUILD_END
);
260 /* prefer a more convenient subjectAltName */
261 sans
= x509
->create_subjectAltName_enumerator(x509
);
262 if (!sans
->enumerate(sans
, &id
))
264 id
= cert
->get_subject(cert
);
269 DBG1(DBG_CFG
, "using smartcard certificate '%Y'", id
);
270 priv
->creds
->set_cert_and_key(priv
->creds
,
271 cert
->get_ref(cert
), key
);
277 enumerator
->destroy(enumerator
);
282 * Connect function called from NM via DBUS
284 static gboolean
connect_(NMVPNPlugin
*plugin
, NMConnection
*connection
,
287 NMStrongswanPluginPrivate
*priv
;
288 NMSettingConnection
*conn
;
290 identification_t
*user
= NULL
, *gateway
= NULL
;
291 const char *address
, *str
;
292 bool virtual, encap
, ipcomp
;
294 peer_cfg_t
*peer_cfg
;
295 child_cfg_t
*child_cfg
;
296 traffic_selector_t
*ts
;
299 auth_class_t auth_class
= AUTH_CLASS_EAP
;
300 certificate_t
*cert
= NULL
;
302 bool agent
= FALSE
, smartcard
= FALSE
, loose_gateway_id
= FALSE
;
303 lifetime_cfg_t lifetime
= {
305 .life
= 10800 /* 3h */,
306 .rekey
= 10200 /* 2h50min */,
307 .jitter
= 300 /* 5min */
314 priv
= NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin
);
315 conn
= NM_SETTING_CONNECTION(nm_connection_get_setting(connection
,
316 NM_TYPE_SETTING_CONNECTION
));
317 vpn
= NM_SETTING_VPN(nm_connection_get_setting(connection
,
318 NM_TYPE_SETTING_VPN
));
323 priv
->name
= strdup(nm_setting_connection_get_id(conn
));
324 DBG1(DBG_CFG
, "received initiate for NetworkManager connection %s",
327 nm_setting_to_string(NM_SETTING(vpn
)));
330 g_set_error(err
, NM_VPN_PLUGIN_ERROR
, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED
,
331 "Failed to create dummy TUN device.");
334 address
= nm_setting_vpn_get_data_item(vpn
, "address");
335 if (!address
|| !*address
)
337 g_set_error(err
, NM_VPN_PLUGIN_ERROR
, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS
,
338 "Gateway address missing.");
341 str
= nm_setting_vpn_get_data_item(vpn
, "virtual");
342 virtual = str
&& streq(str
, "yes");
343 str
= nm_setting_vpn_get_data_item(vpn
, "encap");
344 encap
= str
&& streq(str
, "yes");
345 str
= nm_setting_vpn_get_data_item(vpn
, "ipcomp");
346 ipcomp
= str
&& streq(str
, "yes");
347 str
= nm_setting_vpn_get_data_item(vpn
, "method");
350 if (streq(str
, "psk"))
352 auth_class
= AUTH_CLASS_PSK
;
354 else if (streq(str
, "agent"))
356 auth_class
= AUTH_CLASS_PUBKEY
;
359 else if (streq(str
, "key"))
361 auth_class
= AUTH_CLASS_PUBKEY
;
363 else if (streq(str
, "smartcard"))
365 auth_class
= AUTH_CLASS_PUBKEY
;
371 * Register credentials
373 priv
->creds
->clear(priv
->creds
);
375 /* gateway/CA cert */
376 str
= nm_setting_vpn_get_data_item(vpn
, "certificate");
379 cert
= lib
->creds
->create(lib
->creds
, CRED_CERTIFICATE
, CERT_X509
,
380 BUILD_FROM_FILE
, str
, BUILD_END
);
383 g_set_error(err
, NM_VPN_PLUGIN_ERROR
,
384 NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS
,
385 "Loading gateway certificate failed.");
388 priv
->creds
->add_certificate(priv
->creds
, cert
);
390 x509
= (x509_t
*)cert
;
391 if (!(x509
->get_flags(x509
) & X509_CA
))
392 { /* For a gateway certificate, we use the cert subject as identity. */
393 gateway
= cert
->get_subject(cert
);
394 gateway
= gateway
->clone(gateway
);
395 DBG1(DBG_CFG
, "using gateway certificate, identity '%Y'", gateway
);
400 /* no certificate defined, fall back to system-wide CA certificates */
401 priv
->creds
->load_ca_dir(priv
->creds
, NM_CA_DIR
);
405 /* If the user configured a CA certificate, we use the IP/DNS
406 * of the gateway as its identity. This identity will be used for
407 * certificate lookup and requires the configured IP/DNS to be
408 * included in the gateway certificate. */
409 gateway
= identification_create_from_string((char*)address
);
410 DBG1(DBG_CFG
, "using CA certificate, gateway identity '%Y'", gateway
);
411 loose_gateway_id
= TRUE
;
414 if (auth_class
== AUTH_CLASS_EAP
||
415 auth_class
== AUTH_CLASS_PSK
)
417 /* username/password or PSK authentication ... */
418 str
= nm_setting_vpn_get_data_item(vpn
, "user");
421 user
= identification_create_from_string((char*)str
);
422 str
= nm_setting_vpn_get_secret(vpn
, "password");
423 priv
->creds
->set_username_password(priv
->creds
, user
, (char*)str
);
427 if (auth_class
== AUTH_CLASS_PUBKEY
)
433 pin
= (char*)nm_setting_vpn_get_secret(vpn
, "password");
436 user
= find_smartcard_key(priv
, pin
);
440 g_set_error(err
, NM_VPN_PLUGIN_ERROR
,
441 NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS
,
442 "no usable smartcard certificate found.");
443 gateway
->destroy(gateway
);
447 /* ... or certificate/private key authenitcation */
448 else if ((str
= nm_setting_vpn_get_data_item(vpn
, "usercert")))
450 public_key_t
*public;
451 private_key_t
*private = NULL
;
453 cert
= lib
->creds
->create(lib
->creds
, CRED_CERTIFICATE
, CERT_X509
,
454 BUILD_FROM_FILE
, str
, BUILD_END
);
457 g_set_error(err
, NM_VPN_PLUGIN_ERROR
,
458 NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS
,
459 "Loading peer certificate failed.");
460 gateway
->destroy(gateway
);
464 str
= nm_setting_vpn_get_secret(vpn
, "agent");
467 public = cert
->get_public_key(cert
);
470 private = lib
->creds
->create(lib
->creds
, CRED_PRIVATE_KEY
,
471 public->get_type(public),
472 BUILD_AGENT_SOCKET
, str
,
473 BUILD_PUBLIC_KEY
, public,
475 public->destroy(public);
479 g_set_error(err
, NM_VPN_PLUGIN_ERROR
,
480 NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS
,
481 "Connecting to SSH agent failed.");
484 /* ... or key file */
485 str
= nm_setting_vpn_get_data_item(vpn
, "userkey");
490 secret
= (char*)nm_setting_vpn_get_secret(vpn
, "password");
493 priv
->creds
->set_key_password(priv
->creds
, secret
);
495 private = lib
->creds
->create(lib
->creds
, CRED_PRIVATE_KEY
,
496 KEY_RSA
, BUILD_FROM_FILE
, str
, BUILD_END
);
499 g_set_error(err
, NM_VPN_PLUGIN_ERROR
,
500 NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS
,
501 "Loading private key failed.");
506 user
= cert
->get_subject(cert
);
507 user
= user
->clone(user
);
508 priv
->creds
->set_cert_and_key(priv
->creds
, cert
, private);
513 gateway
->destroy(gateway
);
521 g_set_error(err
, NM_VPN_PLUGIN_ERROR
, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS
,
522 "Configuration parameters missing.");
523 gateway
->destroy(gateway
);
528 * Set up configurations
530 ike_cfg
= ike_cfg_create(IKEV2
, TRUE
, encap
, "0.0.0.0",
531 charon
->socket
->get_port(charon
->socket
, FALSE
),
532 (char*)address
, IKEV2_UDP_PORT
,
533 FRAGMENTATION_NO
, 0);
534 ike_cfg
->add_proposal(ike_cfg
, proposal_create_default(PROTO_IKE
));
535 ike_cfg
->add_proposal(ike_cfg
, proposal_create_default_aead(PROTO_IKE
));
536 peer_cfg
= peer_cfg_create(priv
->name
, ike_cfg
,
537 CERT_SEND_IF_ASKED
, UNIQUE_REPLACE
, 1, /* keyingtries */
538 36000, 0, /* rekey 10h, reauth none */
539 600, 600, /* jitter, over 10min */
540 TRUE
, FALSE
, TRUE
, /* mobike, aggressive, pull */
541 0, 0, /* DPD delay, timeout */
542 FALSE
, NULL
, NULL
); /* mediation */
545 peer_cfg
->add_virtual_ip(peer_cfg
, host_create_from_string("0.0.0.0", 0));
547 auth
= auth_cfg_create();
548 auth
->add(auth
, AUTH_RULE_AUTH_CLASS
, auth_class
);
549 auth
->add(auth
, AUTH_RULE_IDENTITY
, user
);
550 peer_cfg
->add_auth_cfg(peer_cfg
, auth
, TRUE
);
551 auth
= auth_cfg_create();
552 if (auth_class
== AUTH_CLASS_PSK
)
554 auth
->add(auth
, AUTH_RULE_AUTH_CLASS
, AUTH_CLASS_PSK
);
558 auth
->add(auth
, AUTH_RULE_AUTH_CLASS
, AUTH_CLASS_PUBKEY
);
560 auth
->add(auth
, AUTH_RULE_IDENTITY
, gateway
);
561 auth
->add(auth
, AUTH_RULE_IDENTITY_LOOSE
, loose_gateway_id
);
562 peer_cfg
->add_auth_cfg(peer_cfg
, auth
, FALSE
);
564 child_cfg
= child_cfg_create(priv
->name
, &lifetime
,
565 NULL
, TRUE
, MODE_TUNNEL
, /* updown, hostaccess */
566 ACTION_NONE
, ACTION_NONE
, ACTION_NONE
, ipcomp
,
567 0, 0, NULL
, NULL
, 0);
568 child_cfg
->add_proposal(child_cfg
, proposal_create_default(PROTO_ESP
));
569 child_cfg
->add_proposal(child_cfg
, proposal_create_default_aead(PROTO_ESP
));
570 ts
= traffic_selector_create_dynamic(0, 0, 65535);
571 child_cfg
->add_traffic_selector(child_cfg
, TRUE
, ts
);
572 ts
= traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE
,
574 "255.255.255.255", 65535);
575 child_cfg
->add_traffic_selector(child_cfg
, FALSE
, ts
);
576 peer_cfg
->add_child_cfg(peer_cfg
, child_cfg
);
581 ike_sa
= charon
->ike_sa_manager
->checkout_by_config(charon
->ike_sa_manager
,
585 peer_cfg
->destroy(peer_cfg
);
586 g_set_error(err
, NM_VPN_PLUGIN_ERROR
, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED
,
587 "IKE version not supported.");
590 if (!ike_sa
->get_peer_cfg(ike_sa
))
592 ike_sa
->set_peer_cfg(ike_sa
, peer_cfg
);
594 peer_cfg
->destroy(peer_cfg
);
597 * Register listener, enable initiate-failure-detection hooks
599 priv
->ike_sa
= ike_sa
;
600 priv
->listener
.ike_state_change
= ike_state_change
;
601 priv
->listener
.child_state_change
= child_state_change
;
602 charon
->bus
->add_listener(charon
->bus
, &priv
->listener
);
607 child_cfg
->get_ref(child_cfg
);
608 if (ike_sa
->initiate(ike_sa
, child_cfg
, 0, NULL
, NULL
) != SUCCESS
)
610 charon
->bus
->remove_listener(charon
->bus
, &priv
->listener
);
611 charon
->ike_sa_manager
->checkin_and_destroy(charon
->ike_sa_manager
, ike_sa
);
613 g_set_error(err
, NM_VPN_PLUGIN_ERROR
, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED
,
614 "Initiating failed.");
617 charon
->ike_sa_manager
->checkin(charon
->ike_sa_manager
, ike_sa
);
622 * NeedSecrets called from NM via DBUS
624 static gboolean
need_secrets(NMVPNPlugin
*plugin
, NMConnection
*connection
,
625 char **setting_name
, GError
**error
)
627 NMSettingVPN
*settings
;
628 const char *method
, *path
;
630 settings
= NM_SETTING_VPN(nm_connection_get_setting(connection
,
631 NM_TYPE_SETTING_VPN
));
632 method
= nm_setting_vpn_get_data_item(settings
, "method");
635 if (streq(method
, "eap") || streq(method
, "psk"))
637 if (nm_setting_vpn_get_secret(settings
, "password"))
642 else if (streq(method
, "agent"))
644 if (nm_setting_vpn_get_secret(settings
, "agent"))
649 else if (streq(method
, "key"))
651 path
= nm_setting_vpn_get_data_item(settings
, "userkey");
656 /* try to load/decrypt the private key */
657 key
= lib
->creds
->create(lib
->creds
, CRED_PRIVATE_KEY
,
658 KEY_RSA
, BUILD_FROM_FILE
, path
, BUILD_END
);
664 else if (nm_setting_vpn_get_secret(settings
, "password"))
670 else if (streq(method
, "smartcard"))
672 if (nm_setting_vpn_get_secret(settings
, "password"))
678 *setting_name
= NM_SETTING_VPN_SETTING_NAME
;
683 * Disconnect called from NM via DBUS
685 static gboolean
disconnect(NMVPNPlugin
*plugin
, GError
**err
)
687 NMStrongswanPluginPrivate
*priv
= NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin
);
688 enumerator_t
*enumerator
;
692 /* our ike_sa pointer might be invalid, lookup sa */
693 enumerator
= charon
->controller
->create_ike_sa_enumerator(
694 charon
->controller
, TRUE
);
695 while (enumerator
->enumerate(enumerator
, &ike_sa
))
697 if (priv
->ike_sa
== ike_sa
)
699 id
= ike_sa
->get_unique_id(ike_sa
);
700 enumerator
->destroy(enumerator
);
701 charon
->controller
->terminate_ike(charon
->controller
, id
,
702 controller_cb_empty
, NULL
, 0);
706 enumerator
->destroy(enumerator
);
708 g_set_error(err
, NM_VPN_PLUGIN_ERROR
, NM_VPN_PLUGIN_ERROR_GENERAL
,
709 "Connection not found.");
716 static void nm_strongswan_plugin_init(NMStrongswanPlugin
*plugin
)
718 NMStrongswanPluginPrivate
*priv
;
720 priv
= NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin
);
721 priv
->plugin
= NM_VPN_PLUGIN(plugin
);
722 memset(&priv
->listener
, 0, sizeof(listener_t
));
723 priv
->listener
.child_updown
= child_updown
;
724 priv
->listener
.ike_rekey
= ike_rekey
;
725 priv
->tun
= tun_device_create(NULL
);
732 static void nm_strongswan_plugin_dispose(GObject
*obj
)
734 NMStrongswanPlugin
*plugin
;
735 NMStrongswanPluginPrivate
*priv
;
737 plugin
= NM_STRONGSWAN_PLUGIN(obj
);
738 priv
= NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin
);
741 priv
->tun
->destroy(priv
->tun
);
749 static void nm_strongswan_plugin_class_init(
750 NMStrongswanPluginClass
*strongswan_class
)
752 NMVPNPluginClass
*parent_class
= NM_VPN_PLUGIN_CLASS(strongswan_class
);
754 g_type_class_add_private(G_OBJECT_CLASS(strongswan_class
),
755 sizeof(NMStrongswanPluginPrivate
));
756 parent_class
->connect
= connect_
;
757 parent_class
->need_secrets
= need_secrets
;
758 parent_class
->disconnect
= disconnect
;
759 G_OBJECT_CLASS(strongswan_class
)->dispose
= nm_strongswan_plugin_dispose
;
765 NMStrongswanPlugin
*nm_strongswan_plugin_new(nm_creds_t
*creds
,
766 nm_handler_t
*handler
)
768 NMStrongswanPlugin
*plugin
= (NMStrongswanPlugin
*)g_object_new (
769 NM_TYPE_STRONGSWAN_PLUGIN
,
770 NM_VPN_PLUGIN_DBUS_SERVICE_NAME
, NM_DBUS_SERVICE_STRONGSWAN
,
774 NMStrongswanPluginPrivate
*priv
;
776 /* the rest of the initialization happened in _init above */
777 priv
= NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin
);
779 priv
->handler
= handler
;