maemo: Remove unused plugin
parent
5f564b94a0
commit
d8f27ba679
12
configure.ac
12
configure.ac
|
@ -262,7 +262,6 @@ ARG_ENABL_SET([ha], [enable high availability cluster plugin.])
|
|||
ARG_ENABL_SET([led], [enable plugin to control LEDs on IKEv2 activity using the Linux kernel LED subsystem.])
|
||||
ARG_ENABL_SET([load-tester], [enable load testing plugin for IKEv2 daemon.])
|
||||
ARG_ENABL_SET([lookip], [enable fast virtual IP lookup and notification plugin.])
|
||||
ARG_ENABL_SET([maemo], [enable Maemo specific plugin.])
|
||||
ARG_ENABL_SET([radattr], [enable plugin to inject and process custom RADIUS attributes as IKEv2 client.])
|
||||
ARG_ENABL_SET([systime-fix], [enable plugin to handle cert lifetimes with invalid system time gracefully.])
|
||||
ARG_ENABL_SET([test-vectors], [enable plugin providing crypto test vectors.])
|
||||
|
@ -1140,14 +1139,6 @@ if test x$android_dns = xtrue; then
|
|||
AC_SUBST(DLLIB)
|
||||
fi
|
||||
|
||||
if test x$maemo = xtrue; then
|
||||
PKG_CHECK_MODULES(maemo, [glib-2.0 gthread-2.0 libosso osso-af-settings])
|
||||
AC_SUBST(maemo_CFLAGS)
|
||||
AC_SUBST(maemo_LIBS)
|
||||
dbusservicedir="/usr/share/dbus-1/system-services"
|
||||
AC_SUBST(dbusservicedir)
|
||||
fi
|
||||
|
||||
if test x$eap_sim_pcsc = xtrue; then
|
||||
PKG_CHECK_MODULES(pcsclite, [libpcsclite])
|
||||
AC_SUBST(pcsclite_CFLAGS)
|
||||
|
@ -1447,7 +1438,6 @@ ADD_PLUGIN([led], [c charon])
|
|||
ADD_PLUGIN([duplicheck], [c charon])
|
||||
ADD_PLUGIN([coupling], [c charon])
|
||||
ADD_PLUGIN([radattr], [c charon])
|
||||
ADD_PLUGIN([maemo], [c charon])
|
||||
ADD_PLUGIN([uci], [c charon])
|
||||
ADD_PLUGIN([addrblock], [c charon])
|
||||
ADD_PLUGIN([unity], [c charon])
|
||||
|
@ -1542,7 +1532,6 @@ AM_CONDITIONAL(USE_OSX_ATTR, test x$osx_attr = xtrue)
|
|||
AM_CONDITIONAL(USE_P_CSCF, test x$p_cscf = xtrue)
|
||||
AM_CONDITIONAL(USE_ANDROID_DNS, test x$android_dns = xtrue)
|
||||
AM_CONDITIONAL(USE_ANDROID_LOG, test x$android_log = xtrue)
|
||||
AM_CONDITIONAL(USE_MAEMO, test x$maemo = xtrue)
|
||||
AM_CONDITIONAL(USE_SMP, test x$smp = xtrue)
|
||||
AM_CONDITIONAL(USE_SQL, test x$sql = xtrue)
|
||||
AM_CONDITIONAL(USE_DNSCERT, test x$dnscert = xtrue)
|
||||
|
@ -1891,7 +1880,6 @@ AC_CONFIG_FILES([
|
|||
src/libcharon/plugins/p_cscf/Makefile
|
||||
src/libcharon/plugins/android_dns/Makefile
|
||||
src/libcharon/plugins/android_log/Makefile
|
||||
src/libcharon/plugins/maemo/Makefile
|
||||
src/libcharon/plugins/stroke/Makefile
|
||||
src/libcharon/plugins/vici/Makefile
|
||||
src/libcharon/plugins/vici/ruby/Makefile
|
||||
|
|
|
@ -32,7 +32,7 @@ printf-builtin)
|
|||
all)
|
||||
CONFIG="--enable-all --disable-android-dns --disable-android-log
|
||||
--disable-dumm --disable-kernel-pfroute --disable-keychain
|
||||
--disable-lock-profiler --disable-maemo --disable-padlock
|
||||
--disable-lock-profiler --disable-padlock
|
||||
--disable-osx-attr --disable-tkm --disable-uci
|
||||
--disable-systemd --disable-soup --disable-unwind-backtraces
|
||||
--disable-svc --disable-dbghelp-backtraces --disable-socket-win
|
||||
|
|
|
@ -513,13 +513,6 @@ if MONOLITHIC
|
|||
endif
|
||||
endif
|
||||
|
||||
if USE_MAEMO
|
||||
SUBDIRS += plugins/maemo
|
||||
if MONOLITHIC
|
||||
libcharon_la_LIBADD += plugins/maemo/libstrongswan-maemo.la
|
||||
endif
|
||||
endif
|
||||
|
||||
if USE_HA
|
||||
SUBDIRS += plugins/ha
|
||||
if MONOLITHIC
|
||||
|
|
|
@ -1,29 +0,0 @@
|
|||
AM_CPPFLAGS = \
|
||||
-I$(top_srcdir)/src/libstrongswan \
|
||||
-I$(top_srcdir)/src/libcharon
|
||||
|
||||
AM_CFLAGS = \
|
||||
${maemo_CFLAGS} \
|
||||
$(PLUGIN_CFLAGS)
|
||||
|
||||
if MONOLITHIC
|
||||
noinst_LTLIBRARIES = libstrongswan-maemo.la
|
||||
else
|
||||
plugin_LTLIBRARIES = libstrongswan-maemo.la
|
||||
endif
|
||||
|
||||
libstrongswan_maemo_la_SOURCES = \
|
||||
maemo_plugin.h maemo_plugin.c \
|
||||
maemo_service.h maemo_service.c
|
||||
|
||||
libstrongswan_maemo_la_LDFLAGS = -module -avoid-version
|
||||
libstrongswan_maemo_la_LIBADD = ${maemo_LIBS}
|
||||
|
||||
dbusservice_DATA = org.strongswan.charon.service
|
||||
|
||||
org.strongswan.charon.service: $(srcdir)/org.strongswan.charon.service.in
|
||||
$(AM_V_GEN) \
|
||||
sed -e 's|[@]LIBEXECDIR[@]|$(libexecdir)|' $< >$@
|
||||
|
||||
EXTRA_DIST = org.strongswan.charon.service.in
|
||||
CLEANFILES = $(dbusservice_DATA)
|
|
@ -1,87 +0,0 @@
|
|||
/*
|
||||
* Copyright (C) 2010 Tobias Brunner
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include "maemo_plugin.h"
|
||||
#include "maemo_service.h"
|
||||
|
||||
#include <daemon.h>
|
||||
|
||||
typedef struct private_maemo_plugin_t private_maemo_plugin_t;
|
||||
|
||||
/**
|
||||
* private data of maemo plugin
|
||||
*/
|
||||
struct private_maemo_plugin_t {
|
||||
|
||||
/**
|
||||
* implements plugin interface
|
||||
*/
|
||||
maemo_plugin_t public;
|
||||
|
||||
/**
|
||||
* service
|
||||
*/
|
||||
maemo_service_t *service;
|
||||
};
|
||||
|
||||
METHOD(plugin_t, get_name, char*,
|
||||
private_maemo_plugin_t *this)
|
||||
{
|
||||
return "maemo";
|
||||
}
|
||||
|
||||
METHOD(plugin_t, get_features, int,
|
||||
private_maemo_plugin_t *this, plugin_feature_t *features[])
|
||||
{
|
||||
static plugin_feature_t f[] = {
|
||||
PLUGIN_NOOP,
|
||||
PLUGIN_PROVIDE(CUSTOM, "maemo"),
|
||||
};
|
||||
*features = f;
|
||||
return countof(f);
|
||||
}
|
||||
|
||||
METHOD(plugin_t, destroy, void,
|
||||
private_maemo_plugin_t *this)
|
||||
{
|
||||
this->service->destroy(this->service);
|
||||
free(this);
|
||||
}
|
||||
|
||||
/*
|
||||
* See header
|
||||
*/
|
||||
plugin_t *maemo_plugin_create()
|
||||
{
|
||||
private_maemo_plugin_t *this;
|
||||
|
||||
INIT(this,
|
||||
.public = {
|
||||
.plugin = {
|
||||
.get_name = _get_name,
|
||||
.get_features = _get_features,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
},
|
||||
);
|
||||
|
||||
this->service = maemo_service_create();
|
||||
if (!this->service)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return &this->public.plugin;
|
||||
}
|
|
@ -1,42 +0,0 @@
|
|||
/*
|
||||
* Copyright (C) 2010 Tobias Brunner
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup maemo maemo
|
||||
* @ingroup cplugins
|
||||
*
|
||||
* @defgroup maemo_plugin maemo_plugin
|
||||
* @{ @ingroup maemo
|
||||
*/
|
||||
|
||||
#ifndef MAEMO_PLUGIN_H_
|
||||
#define MAEMO_PLUGIN_H_
|
||||
|
||||
#include <plugins/plugin.h>
|
||||
|
||||
typedef struct maemo_plugin_t maemo_plugin_t;
|
||||
|
||||
/**
|
||||
* Maemo integration plugin.
|
||||
*/
|
||||
struct maemo_plugin_t {
|
||||
|
||||
/**
|
||||
* implements plugin interface
|
||||
*/
|
||||
plugin_t plugin;
|
||||
};
|
||||
|
||||
#endif /** MAEMO_PLUGIN_H_ @}*/
|
|
@ -1,530 +0,0 @@
|
|||
/*
|
||||
* Copyright (C) 2010 Tobias Brunner
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include <glib.h>
|
||||
#include <libosso.h>
|
||||
#include <sys/stat.h>
|
||||
|
||||
#include "maemo_service.h"
|
||||
|
||||
#include <daemon.h>
|
||||
#include <credentials/sets/mem_cred.h>
|
||||
#include <processing/jobs/callback_job.h>
|
||||
|
||||
#define OSSO_STATUS_NAME "status"
|
||||
#define OSSO_STATUS_SERVICE "org.strongswan."OSSO_STATUS_NAME
|
||||
#define OSSO_STATUS_OBJECT "/org/strongswan/"OSSO_STATUS_NAME
|
||||
#define OSSO_STATUS_IFACE "org.strongswan."OSSO_STATUS_NAME
|
||||
|
||||
#define OSSO_CHARON_NAME "charon"
|
||||
#define OSSO_CHARON_SERVICE "org.strongswan."OSSO_CHARON_NAME
|
||||
#define OSSO_CHARON_OBJECT "/org/strongswan/"OSSO_CHARON_NAME
|
||||
#define OSSO_CHARON_IFACE "org.strongswan."OSSO_CHARON_NAME
|
||||
|
||||
#define MAEMO_COMMON_CA_DIR "/etc/certs/common-ca"
|
||||
#define MAEMO_USER_CA_DIR "/home/user/.maemosec-certs/wifi-ca"
|
||||
/* there is also an smime-ca and an ssl-ca sub-directory and the same for
|
||||
* ...-user, which store end user/server certificates */
|
||||
|
||||
typedef enum {
|
||||
VPN_STATUS_DISCONNECTED,
|
||||
VPN_STATUS_CONNECTING,
|
||||
VPN_STATUS_CONNECTED,
|
||||
VPN_STATUS_AUTH_FAILED,
|
||||
VPN_STATUS_CONNECTION_FAILED,
|
||||
} vpn_status_t;
|
||||
|
||||
typedef struct private_maemo_service_t private_maemo_service_t;
|
||||
|
||||
/**
|
||||
* private data of maemo service
|
||||
*/
|
||||
struct private_maemo_service_t {
|
||||
|
||||
/**
|
||||
* public interface
|
||||
*/
|
||||
maemo_service_t public;
|
||||
|
||||
/**
|
||||
* credentials
|
||||
*/
|
||||
mem_cred_t *creds;
|
||||
|
||||
/**
|
||||
* Glib main loop for a thread, handles DBUS calls
|
||||
*/
|
||||
GMainLoop *loop;
|
||||
|
||||
/**
|
||||
* Context for OSSO
|
||||
*/
|
||||
osso_context_t *context;
|
||||
|
||||
/**
|
||||
* Current IKE_SA
|
||||
*/
|
||||
ike_sa_t *ike_sa;
|
||||
|
||||
/**
|
||||
* Status of the current connection
|
||||
*/
|
||||
vpn_status_t status;
|
||||
|
||||
/**
|
||||
* Name of the current connection
|
||||
*/
|
||||
gchar *current;
|
||||
|
||||
};
|
||||
|
||||
static gint change_status(private_maemo_service_t *this, int status)
|
||||
{
|
||||
osso_rpc_t retval;
|
||||
gint res;
|
||||
this->status = status;
|
||||
res = osso_rpc_run (this->context, OSSO_STATUS_SERVICE, OSSO_STATUS_OBJECT,
|
||||
OSSO_STATUS_IFACE, "StatusChanged", &retval,
|
||||
DBUS_TYPE_INT32, status,
|
||||
DBUS_TYPE_INVALID);
|
||||
return res;
|
||||
}
|
||||
|
||||
METHOD(listener_t, ike_updown, bool,
|
||||
private_maemo_service_t *this, ike_sa_t *ike_sa, bool up)
|
||||
{
|
||||
/* this callback is only registered during initiation, so if the IKE_SA
|
||||
* goes down we assume an authentication error */
|
||||
if (this->ike_sa == ike_sa && !up)
|
||||
{
|
||||
change_status(this, VPN_STATUS_AUTH_FAILED);
|
||||
return FALSE;
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
METHOD(listener_t, ike_state_change, bool,
|
||||
private_maemo_service_t *this, ike_sa_t *ike_sa, ike_sa_state_t state)
|
||||
{
|
||||
/* this call back is only registered during initiation */
|
||||
if (this->ike_sa == ike_sa && state == IKE_DESTROYING)
|
||||
{
|
||||
change_status(this, VPN_STATUS_CONNECTION_FAILED);
|
||||
return FALSE;
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
METHOD(listener_t, child_updown, bool,
|
||||
private_maemo_service_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
|
||||
bool up)
|
||||
{
|
||||
if (this->ike_sa == ike_sa)
|
||||
{
|
||||
if (up)
|
||||
{
|
||||
/* disable hooks registered to catch initiation failures */
|
||||
this->public.listener.ike_updown = NULL;
|
||||
this->public.listener.ike_state_change = NULL;
|
||||
change_status(this, VPN_STATUS_CONNECTED);
|
||||
}
|
||||
else
|
||||
{
|
||||
change_status(this, VPN_STATUS_CONNECTION_FAILED);
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
METHOD(listener_t, ike_rekey, bool,
|
||||
private_maemo_service_t *this, ike_sa_t *old, ike_sa_t *new)
|
||||
{
|
||||
if (this->ike_sa == old)
|
||||
{
|
||||
this->ike_sa = new;
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
* load all CA certificates in the given directory
|
||||
*/
|
||||
static void load_ca_dir(private_maemo_service_t *this, char *dir)
|
||||
{
|
||||
enumerator_t *enumerator;
|
||||
char *rel, *abs;
|
||||
struct stat st;
|
||||
|
||||
enumerator = enumerator_create_directory(dir);
|
||||
if (enumerator)
|
||||
{
|
||||
while (enumerator->enumerate(enumerator, &rel, &abs, &st))
|
||||
{
|
||||
if (rel[0] != '.')
|
||||
{
|
||||
if (S_ISREG(st.st_mode))
|
||||
{
|
||||
certificate_t *cert;
|
||||
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE,
|
||||
CERT_X509, BUILD_FROM_FILE, abs,
|
||||
BUILD_END);
|
||||
if (!cert)
|
||||
{
|
||||
DBG1(DBG_CFG, "loading CA certificate '%s' failed",
|
||||
abs);
|
||||
continue;
|
||||
}
|
||||
DBG2(DBG_CFG, "loaded CA certificate '%Y'",
|
||||
cert->get_subject(cert));
|
||||
this->creds->add_cert(this->creds, TRUE, cert);
|
||||
}
|
||||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
}
|
||||
}
|
||||
|
||||
static void disconnect(private_maemo_service_t *this)
|
||||
{
|
||||
ike_sa_t *ike_sa;
|
||||
u_int id;
|
||||
|
||||
if (!this->current)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
/* avoid status updates, as this is called from the Glib main loop */
|
||||
charon->bus->remove_listener(charon->bus, &this->public.listener);
|
||||
|
||||
ike_sa = charon->ike_sa_manager->checkout_by_name(charon->ike_sa_manager,
|
||||
this->current, FALSE);
|
||||
if (ike_sa)
|
||||
{
|
||||
id = ike_sa->get_unique_id(ike_sa);
|
||||
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
|
||||
charon->controller->terminate_ike(charon->controller, id,
|
||||
NULL, NULL, 0);
|
||||
}
|
||||
this->current = (g_free(this->current), NULL);
|
||||
this->status = VPN_STATUS_DISCONNECTED;
|
||||
}
|
||||
|
||||
static gboolean initiate_connection(private_maemo_service_t *this,
|
||||
GArray *arguments)
|
||||
{
|
||||
gint i;
|
||||
gchar *hostname = NULL, *cacert = NULL, *username = NULL, *password = NULL;
|
||||
identification_t *gateway = NULL, *user = NULL;
|
||||
ike_sa_t *ike_sa;
|
||||
ike_cfg_t *ike_cfg;
|
||||
peer_cfg_t *peer_cfg;
|
||||
child_cfg_t *child_cfg;
|
||||
traffic_selector_t *ts;
|
||||
auth_cfg_t *auth;
|
||||
certificate_t *cert;
|
||||
peer_cfg_create_t peer = {
|
||||
.cert_policy = CERT_SEND_IF_ASKED,
|
||||
.unique = UNIQUE_REPLACE,
|
||||
.keyingtries = 1,
|
||||
.rekey_time = 36000, /* 10h */
|
||||
.jitter_time = 600, /* 10min */
|
||||
.over_time = 600, /* 10min */
|
||||
};
|
||||
child_cfg_create_t child = {
|
||||
.lifetime = {
|
||||
.time = {
|
||||
.life = 10800, /* 3h */
|
||||
.rekey = 10200, /* 2h50min */
|
||||
.jitter = 300 /* 5min */
|
||||
},
|
||||
},
|
||||
.mode = MODE_TUNNEL,
|
||||
};
|
||||
|
||||
if (this->status == VPN_STATUS_CONNECTED ||
|
||||
this->status == VPN_STATUS_CONNECTING)
|
||||
{
|
||||
DBG1(DBG_CFG, "currently connected to '%s', disconnecting first",
|
||||
this->current);
|
||||
disconnect (this);
|
||||
}
|
||||
|
||||
if (arguments->len != 5)
|
||||
{
|
||||
DBG1(DBG_CFG, "wrong number of arguments: %d", arguments->len);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
for (i = 0; i < arguments->len; i++)
|
||||
{
|
||||
osso_rpc_t *arg = &g_array_index(arguments, osso_rpc_t, i);
|
||||
if (arg->type != DBUS_TYPE_STRING)
|
||||
{
|
||||
DBG1(DBG_CFG, "invalid argument [%d]: %d", i, arg->type);
|
||||
return FALSE;
|
||||
}
|
||||
switch (i)
|
||||
{
|
||||
case 0: /* name */
|
||||
this->current = (g_free(this->current), NULL);
|
||||
this->current = g_strdup(arg->value.s);
|
||||
break;
|
||||
case 1: /* hostname */
|
||||
hostname = arg->value.s;
|
||||
break;
|
||||
case 2: /* CA certificate path */
|
||||
cacert = arg->value.s;
|
||||
break;
|
||||
case 3: /* username */
|
||||
username = arg->value.s;
|
||||
break;
|
||||
case 4: /* password */
|
||||
password = arg->value.s;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
DBG1(DBG_CFG, "received initiate for connection '%s'", this->current);
|
||||
|
||||
this->creds->clear(this->creds);
|
||||
|
||||
if (cacert && !streq(cacert, ""))
|
||||
{
|
||||
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
|
||||
BUILD_FROM_FILE, cacert, BUILD_END);
|
||||
if (cert)
|
||||
{
|
||||
this->creds->add_cert(this->creds, TRUE, cert);
|
||||
}
|
||||
else
|
||||
{
|
||||
DBG1(DBG_CFG, "failed to load CA certificate");
|
||||
}
|
||||
/* if this is a server cert we could use the cert subject as id */
|
||||
}
|
||||
else
|
||||
{
|
||||
load_ca_dir(this, MAEMO_COMMON_CA_DIR);
|
||||
load_ca_dir(this, MAEMO_USER_CA_DIR);
|
||||
}
|
||||
|
||||
gateway = identification_create_from_string(hostname);
|
||||
DBG1(DBG_CFG, "using CA certificate, gateway identitiy '%Y'", gateway);
|
||||
|
||||
{
|
||||
shared_key_t *shared_key;
|
||||
chunk_t secret = chunk_create(password, strlen(password));
|
||||
user = identification_create_from_string(username);
|
||||
shared_key = shared_key_create(SHARED_EAP, chunk_clone(secret));
|
||||
this->creds->add_shared(this->creds, shared_key, user->clone(user),
|
||||
NULL);
|
||||
}
|
||||
|
||||
ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "0.0.0.0",
|
||||
charon->socket->get_port(charon->socket, FALSE),
|
||||
hostname, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
|
||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
|
||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
|
||||
|
||||
peer_cfg = peer_cfg_create(this->current, ike_cfg, &peer);
|
||||
peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0));
|
||||
|
||||
auth = auth_cfg_create();
|
||||
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
|
||||
auth->add(auth, AUTH_RULE_IDENTITY, user);
|
||||
peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
|
||||
auth = auth_cfg_create();
|
||||
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
|
||||
auth->add(auth, AUTH_RULE_IDENTITY, gateway);
|
||||
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
|
||||
|
||||
child_cfg = child_cfg_create(this->current, &child);
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
|
||||
ts = traffic_selector_create_dynamic(0, 0, 65535);
|
||||
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
|
||||
ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "0.0.0.0",
|
||||
0, "255.255.255.255", 65535);
|
||||
child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
|
||||
peer_cfg->add_child_cfg(peer_cfg, child_cfg);
|
||||
|
||||
/* get us an IKE_SA */
|
||||
ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager,
|
||||
peer_cfg);
|
||||
if (!ike_sa)
|
||||
{
|
||||
peer_cfg->destroy(peer_cfg);
|
||||
this->status = VPN_STATUS_CONNECTION_FAILED;
|
||||
return FALSE;
|
||||
}
|
||||
if (!ike_sa->get_peer_cfg(ike_sa))
|
||||
{
|
||||
ike_sa->set_peer_cfg(ike_sa, peer_cfg);
|
||||
}
|
||||
peer_cfg->destroy(peer_cfg);
|
||||
|
||||
/* store the IKE_SA, so we can track its progress */
|
||||
this->ike_sa = ike_sa;
|
||||
this->status = VPN_STATUS_CONNECTING;
|
||||
this->public.listener.ike_updown = _ike_updown;
|
||||
this->public.listener.ike_state_change = _ike_state_change;
|
||||
charon->bus->add_listener(charon->bus, &this->public.listener);
|
||||
|
||||
/* get an additional reference because initiate consumes one */
|
||||
child_cfg->get_ref(child_cfg);
|
||||
if (ike_sa->initiate(ike_sa, child_cfg, 0, NULL, NULL) != SUCCESS)
|
||||
{
|
||||
DBG1(DBG_CFG, "failed to initiate tunnel");
|
||||
charon->bus->remove_listener(charon->bus, &this->public.listener);
|
||||
charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
|
||||
ike_sa);
|
||||
this->status = VPN_STATUS_CONNECTION_FAILED;
|
||||
return FALSE;
|
||||
}
|
||||
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
* Callback for libosso dbus wrapper
|
||||
*/
|
||||
static gint dbus_req_handler(const gchar *interface, const gchar *method,
|
||||
GArray *arguments, private_maemo_service_t *this,
|
||||
osso_rpc_t *retval)
|
||||
{
|
||||
if (streq(method, "Start"))
|
||||
{ /* void start (void), dummy function to start charon as root */
|
||||
return OSSO_OK;
|
||||
}
|
||||
else if (streq(method, "Connect"))
|
||||
{ /* bool connect (name, host, cert, user, pass) */
|
||||
retval->value.b = initiate_connection(this, arguments);
|
||||
retval->type = DBUS_TYPE_BOOLEAN;
|
||||
}
|
||||
else if (streq(method, "Disconnect"))
|
||||
{ /* void disconnect (void) */
|
||||
disconnect(this);
|
||||
}
|
||||
else
|
||||
{
|
||||
return OSSO_ERROR;
|
||||
}
|
||||
return OSSO_OK;
|
||||
}
|
||||
|
||||
/**
|
||||
* Main loop to handle D-BUS messages.
|
||||
*/
|
||||
static job_requeue_t run(private_maemo_service_t *this)
|
||||
{
|
||||
this->loop = g_main_loop_new(NULL, FALSE);
|
||||
g_main_loop_run(this->loop);
|
||||
return JOB_REQUEUE_NONE;
|
||||
}
|
||||
|
||||
/**
|
||||
* Cancel the GLib Main Event Loop
|
||||
*/
|
||||
static bool cancel(private_maemo_service_t *this)
|
||||
{
|
||||
if (this->loop)
|
||||
{
|
||||
if (g_main_loop_is_running(this->loop))
|
||||
{
|
||||
g_main_loop_quit(this->loop);
|
||||
}
|
||||
g_main_loop_unref(this->loop);
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
METHOD(maemo_service_t, destroy, void,
|
||||
private_maemo_service_t *this)
|
||||
{
|
||||
if (this->context)
|
||||
{
|
||||
osso_rpc_unset_cb_f(this->context,
|
||||
OSSO_CHARON_SERVICE,
|
||||
OSSO_CHARON_OBJECT,
|
||||
OSSO_CHARON_IFACE,
|
||||
(osso_rpc_cb_f*)dbus_req_handler,
|
||||
this);
|
||||
osso_deinitialize(this->context);
|
||||
}
|
||||
charon->bus->remove_listener(charon->bus, &this->public.listener);
|
||||
lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
|
||||
this->creds->destroy(this->creds);
|
||||
this->current = (g_free(this->current), NULL);
|
||||
free(this);
|
||||
}
|
||||
|
||||
/*
|
||||
* See header
|
||||
*/
|
||||
maemo_service_t *maemo_service_create()
|
||||
{
|
||||
osso_return_t result;
|
||||
private_maemo_service_t *this;
|
||||
|
||||
INIT(this,
|
||||
.public = {
|
||||
.listener = {
|
||||
.ike_updown = _ike_updown,
|
||||
.ike_state_change = _ike_state_change,
|
||||
.child_updown = _child_updown,
|
||||
.ike_rekey = _ike_rekey,
|
||||
},
|
||||
.destroy = _destroy,
|
||||
},
|
||||
.creds = mem_cred_create(),
|
||||
);
|
||||
|
||||
lib->credmgr->add_set(lib->credmgr, &this->creds->set);
|
||||
|
||||
this->context = osso_initialize(OSSO_CHARON_SERVICE, "0.0.1", TRUE, NULL);
|
||||
if (!this->context)
|
||||
{
|
||||
DBG1(DBG_CFG, "failed to initialize OSSO context");
|
||||
destroy(this);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
result = osso_rpc_set_cb_f(this->context,
|
||||
OSSO_CHARON_SERVICE,
|
||||
OSSO_CHARON_OBJECT,
|
||||
OSSO_CHARON_IFACE,
|
||||
(osso_rpc_cb_f*)dbus_req_handler,
|
||||
this);
|
||||
if (result != OSSO_OK)
|
||||
{
|
||||
DBG1(DBG_CFG, "failed to set D-BUS callback (%d)", result);
|
||||
destroy(this);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
this->loop = NULL;
|
||||
if (!g_thread_supported())
|
||||
{
|
||||
g_thread_init(NULL);
|
||||
}
|
||||
|
||||
lib->processor->queue_job(lib->processor,
|
||||
(job_t*)callback_job_create_with_prio((callback_job_cb_t)run, this,
|
||||
NULL, (callback_job_cancel_t)cancel, JOB_PRIO_CRITICAL));
|
||||
|
||||
return &this->public;
|
||||
}
|
|
@ -1,49 +0,0 @@
|
|||
/*
|
||||
* Copyright (C) 2010 Tobias Brunner
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @defgroup maemo_service maemo_service
|
||||
* @{ @ingroup maemo
|
||||
*/
|
||||
|
||||
#ifndef MAEMO_SERVICE_H_
|
||||
#define MAEMO_SERVICE_H_
|
||||
|
||||
#include <bus/listeners/listener.h>
|
||||
|
||||
typedef struct maemo_service_t maemo_service_t;
|
||||
|
||||
/**
|
||||
* Maemo connection management.
|
||||
*/
|
||||
struct maemo_service_t {
|
||||
|
||||
/**
|
||||
* Implements listener_t.
|
||||
*/
|
||||
listener_t listener;
|
||||
|
||||
/**
|
||||
* Destroy a maemo_service_t.
|
||||
*/
|
||||
void (*destroy)(maemo_service_t *this);
|
||||
};
|
||||
|
||||
/**
|
||||
* Create an instance of maemo_service_t.
|
||||
*/
|
||||
maemo_service_t *maemo_service_create();
|
||||
|
||||
#endif /** MAEMO_SERVICE_H_ @}*/
|
|
@ -1,4 +0,0 @@
|
|||
[D-BUS Service]
|
||||
Name=org.strongswan.charon
|
||||
Exec=/usr/bin/run-standalone.sh @LIBEXECDIR@/ipsec/charon
|
||||
User=root
|