Merge branch 'ikev1-fragmentation'
[strongswan.git] / src / charon-nm / nm / nm_service.c
1 /*
2 * Copyright (C) 2008-2009 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <nm-setting-vpn.h>
17 #include <nm-setting-connection.h>
18 #include "nm_service.h"
19
20 #include <daemon.h>
21 #include <networking/host.h>
22 #include <utils/identification.h>
23 #include <config/peer_cfg.h>
24 #include <credentials/certificates/x509.h>
25
26 #include <stdio.h>
27
28 G_DEFINE_TYPE(NMStrongswanPlugin, nm_strongswan_plugin, NM_TYPE_VPN_PLUGIN)
29
30 /**
31 * Private data of NMStrongswanPlugin
32 */
33 typedef struct {
34 /* implements bus listener interface */
35 listener_t listener;
36 /* IKE_SA we are listening on */
37 ike_sa_t *ike_sa;
38 /* backref to public plugin */
39 NMVPNPlugin *plugin;
40 /* credentials to use for authentication */
41 nm_creds_t *creds;
42 /* attribute handler for DNS/NBNS server information */
43 nm_handler_t *handler;
44 /* name of the connection */
45 char *name;
46 } NMStrongswanPluginPrivate;
47
48 #define NM_STRONGSWAN_PLUGIN_GET_PRIVATE(o) \
49 (G_TYPE_INSTANCE_GET_PRIVATE ((o), \
50 NM_TYPE_STRONGSWAN_PLUGIN, NMStrongswanPluginPrivate))
51
52 /**
53 * convert enumerated handler chunks to a UINT_ARRAY GValue
54 */
55 static GValue* handler_to_val(nm_handler_t *handler,
56 configuration_attribute_type_t type)
57 {
58 GValue *val;
59 GArray *array;
60 enumerator_t *enumerator;
61 chunk_t chunk;
62
63 enumerator = handler->create_enumerator(handler, type);
64 array = g_array_new (FALSE, TRUE, sizeof (guint32));
65 while (enumerator->enumerate(enumerator, &chunk))
66 {
67 g_array_append_val (array, *(u_int32_t*)chunk.ptr);
68 }
69 enumerator->destroy(enumerator);
70 val = g_slice_new0 (GValue);
71 g_value_init (val, DBUS_TYPE_G_UINT_ARRAY);
72 g_value_set_boxed (val, array);
73
74 return val;
75 }
76
77 /**
78 * signal IPv4 config to NM, set connection as established
79 */
80 static void signal_ipv4_config(NMVPNPlugin *plugin,
81 ike_sa_t *ike_sa, child_sa_t *child_sa)
82 {
83 GValue *val;
84 GHashTable *config;
85 host_t *me;
86 nm_handler_t *handler;
87
88 config = g_hash_table_new(g_str_hash, g_str_equal);
89 me = ike_sa->get_my_host(ike_sa);
90 handler = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->handler;
91
92 /* NM requires a tundev, but netkey does not use one. Passing the physical
93 * interface does not work, as NM fiddles around with it. Passing the
94 * loopback seems to work, though... */
95 val = g_slice_new0 (GValue);
96 g_value_init (val, G_TYPE_STRING);
97 g_value_set_string (val, "lo");
98 g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val);
99
100 val = g_slice_new0(GValue);
101 g_value_init(val, G_TYPE_UINT);
102 g_value_set_uint(val, *(u_int32_t*)me->get_address(me).ptr);
103 g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS, val);
104
105 val = g_slice_new0(GValue);
106 g_value_init(val, G_TYPE_UINT);
107 g_value_set_uint(val, me->get_address(me).len * 8);
108 g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, val);
109
110 val = handler_to_val(handler, INTERNAL_IP4_DNS);
111 g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_DNS, val);
112
113 val = handler_to_val(handler, INTERNAL_IP4_NBNS);
114 g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_NBNS, val);
115
116 handler->reset(handler);
117
118 nm_vpn_plugin_set_ip4_config(plugin, config);
119 }
120
121 /**
122 * signal failure to NM, connecting failed
123 */
124 static void signal_failure(NMVPNPlugin *plugin, NMVPNPluginFailure failure)
125 {
126 nm_handler_t *handler = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->handler;
127
128 handler->reset(handler);
129
130 /* TODO: NM does not handle this failure!? */
131 nm_vpn_plugin_failure(plugin, failure);
132 nm_vpn_plugin_set_state(plugin, NM_VPN_SERVICE_STATE_STOPPED);
133 }
134
135 /**
136 * Implementation of listener_t.ike_state_change
137 */
138 static bool ike_state_change(listener_t *listener, ike_sa_t *ike_sa,
139 ike_sa_state_t state)
140 {
141 NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener;
142
143 if (private->ike_sa == ike_sa && state == IKE_DESTROYING)
144 {
145 signal_failure(private->plugin, NM_VPN_PLUGIN_FAILURE_LOGIN_FAILED);
146 return FALSE;
147 }
148 return TRUE;
149 }
150
151 /**
152 * Implementation of listener_t.child_state_change
153 */
154 static bool child_state_change(listener_t *listener, ike_sa_t *ike_sa,
155 child_sa_t *child_sa, child_sa_state_t state)
156 {
157 NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener;
158
159 if (private->ike_sa == ike_sa && state == CHILD_DESTROYING)
160 {
161 signal_failure(private->plugin, NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED);
162 return FALSE;
163 }
164 return TRUE;
165 }
166
167 /**
168 * Implementation of listener_t.child_updown
169 */
170 static bool child_updown(listener_t *listener, ike_sa_t *ike_sa,
171 child_sa_t *child_sa, bool up)
172 {
173 NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener;
174
175 if (private->ike_sa == ike_sa)
176 {
177 if (up)
178 { /* disable initiate-failure-detection hooks */
179 private->listener.ike_state_change = NULL;
180 private->listener.child_state_change = NULL;
181 signal_ipv4_config(private->plugin, ike_sa, child_sa);
182 }
183 else
184 {
185 signal_failure(private->plugin, NM_VPN_PLUGIN_FAILURE_CONNECT_FAILED);
186 return FALSE;
187 }
188 }
189 return TRUE;
190 }
191
192 /**
193 * Implementation of listener_t.ike_rekey
194 */
195 static bool ike_rekey(listener_t *listener, ike_sa_t *old, ike_sa_t *new)
196 {
197 NMStrongswanPluginPrivate *private = (NMStrongswanPluginPrivate*)listener;
198
199 if (private->ike_sa == old)
200 { /* follow a rekeyed IKE_SA */
201 private->ike_sa = new;
202 }
203 return TRUE;
204 }
205
206 /**
207 * Find a certificate for which we have a private key on a smartcard
208 */
209 static identification_t *find_smartcard_key(NMStrongswanPluginPrivate *priv,
210 char *pin)
211 {
212 enumerator_t *enumerator, *sans;
213 identification_t *id = NULL;
214 certificate_t *cert;
215 x509_t *x509;
216 private_key_t *key;
217 chunk_t keyid;
218
219 enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr,
220 CERT_X509, KEY_ANY, NULL, FALSE);
221 while (enumerator->enumerate(enumerator, &cert))
222 {
223 x509 = (x509_t*)cert;
224
225 /* there might be a lot of certificates, filter them by usage */
226 if ((x509->get_flags(x509) & X509_CLIENT_AUTH) &&
227 !(x509->get_flags(x509) & X509_CA))
228 {
229 keyid = x509->get_subjectKeyIdentifier(x509);
230 if (keyid.ptr)
231 {
232 /* try to find a private key by the certificate keyid */
233 priv->creds->set_pin(priv->creds, keyid, pin);
234 key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
235 KEY_ANY, BUILD_PKCS11_KEYID, keyid, BUILD_END);
236 if (key)
237 {
238 /* prefer a more convenient subjectAltName */
239 sans = x509->create_subjectAltName_enumerator(x509);
240 if (!sans->enumerate(sans, &id))
241 {
242 id = cert->get_subject(cert);
243 }
244 id = id->clone(id);
245 sans->destroy(sans);
246
247 DBG1(DBG_CFG, "using smartcard certificate '%Y'", id);
248 priv->creds->set_cert_and_key(priv->creds,
249 cert->get_ref(cert), key);
250 break;
251 }
252 }
253 }
254 }
255 enumerator->destroy(enumerator);
256 return id;
257 }
258
259 /**
260 * Connect function called from NM via DBUS
261 */
262 static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
263 GError **err)
264 {
265 NMStrongswanPluginPrivate *priv;
266 NMSettingConnection *conn;
267 NMSettingVPN *vpn;
268 identification_t *user = NULL, *gateway = NULL;
269 const char *address, *str;
270 bool virtual, encap, ipcomp;
271 ike_cfg_t *ike_cfg;
272 peer_cfg_t *peer_cfg;
273 child_cfg_t *child_cfg;
274 traffic_selector_t *ts;
275 ike_sa_t *ike_sa;
276 auth_cfg_t *auth;
277 auth_class_t auth_class = AUTH_CLASS_EAP;
278 certificate_t *cert = NULL;
279 x509_t *x509;
280 bool agent = FALSE, smartcard = FALSE, loose_gateway_id = FALSE;
281 lifetime_cfg_t lifetime = {
282 .time = {
283 .life = 10800 /* 3h */,
284 .rekey = 10200 /* 2h50min */,
285 .jitter = 300 /* 5min */
286 }
287 };
288
289 /**
290 * Read parameters
291 */
292 priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin);
293 conn = NM_SETTING_CONNECTION(nm_connection_get_setting(connection,
294 NM_TYPE_SETTING_CONNECTION));
295 vpn = NM_SETTING_VPN(nm_connection_get_setting(connection,
296 NM_TYPE_SETTING_VPN));
297 if (priv->name)
298 {
299 free(priv->name);
300 }
301 priv->name = strdup(nm_setting_connection_get_id(conn));
302 DBG1(DBG_CFG, "received initiate for NetworkManager connection %s",
303 priv->name);
304 DBG4(DBG_CFG, "%s",
305 nm_setting_to_string(NM_SETTING(vpn)));
306 address = nm_setting_vpn_get_data_item(vpn, "address");
307 if (!address || !*address)
308 {
309 g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
310 "Gateway address missing.");
311 return FALSE;
312 }
313 str = nm_setting_vpn_get_data_item(vpn, "virtual");
314 virtual = str && streq(str, "yes");
315 str = nm_setting_vpn_get_data_item(vpn, "encap");
316 encap = str && streq(str, "yes");
317 str = nm_setting_vpn_get_data_item(vpn, "ipcomp");
318 ipcomp = str && streq(str, "yes");
319 str = nm_setting_vpn_get_data_item(vpn, "method");
320 if (str)
321 {
322 if (streq(str, "psk"))
323 {
324 auth_class = AUTH_CLASS_PSK;
325 }
326 else if (streq(str, "agent"))
327 {
328 auth_class = AUTH_CLASS_PUBKEY;
329 agent = TRUE;
330 }
331 else if (streq(str, "key"))
332 {
333 auth_class = AUTH_CLASS_PUBKEY;
334 }
335 else if (streq(str, "smartcard"))
336 {
337 auth_class = AUTH_CLASS_PUBKEY;
338 smartcard = TRUE;
339 }
340 }
341
342 /**
343 * Register credentials
344 */
345 priv->creds->clear(priv->creds);
346
347 /* gateway/CA cert */
348 str = nm_setting_vpn_get_data_item(vpn, "certificate");
349 if (str)
350 {
351 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
352 BUILD_FROM_FILE, str, BUILD_END);
353 if (!cert)
354 {
355 g_set_error(err, NM_VPN_PLUGIN_ERROR,
356 NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
357 "Loading gateway certificate failed.");
358 return FALSE;
359 }
360 priv->creds->add_certificate(priv->creds, cert);
361
362 x509 = (x509_t*)cert;
363 if (!(x509->get_flags(x509) & X509_CA))
364 { /* For a gateway certificate, we use the cert subject as identity. */
365 gateway = cert->get_subject(cert);
366 gateway = gateway->clone(gateway);
367 DBG1(DBG_CFG, "using gateway certificate, identity '%Y'", gateway);
368 }
369 }
370 else
371 {
372 /* no certificate defined, fall back to system-wide CA certificates */
373 priv->creds->load_ca_dir(priv->creds, NM_CA_DIR);
374 }
375 if (!gateway)
376 {
377 /* If the user configured a CA certificate, we use the IP/DNS
378 * of the gateway as its identity. This identity will be used for
379 * certificate lookup and requires the configured IP/DNS to be
380 * included in the gateway certificate. */
381 gateway = identification_create_from_string((char*)address);
382 DBG1(DBG_CFG, "using CA certificate, gateway identity '%Y'", gateway);
383 loose_gateway_id = TRUE;
384 }
385
386 if (auth_class == AUTH_CLASS_EAP)
387 {
388 /* username/password authentication ... */
389 str = nm_setting_vpn_get_data_item(vpn, "user");
390 if (str)
391 {
392 user = identification_create_from_string((char*)str);
393 str = nm_setting_vpn_get_secret(vpn, "password");
394 priv->creds->set_username_password(priv->creds, user, (char*)str);
395 }
396 }
397
398 if (auth_class == AUTH_CLASS_PUBKEY)
399 {
400 if (smartcard)
401 {
402 char *pin;
403
404 pin = (char*)nm_setting_vpn_get_secret(vpn, "password");
405 if (pin)
406 {
407 user = find_smartcard_key(priv, pin);
408 }
409 if (!user)
410 {
411 g_set_error(err, NM_VPN_PLUGIN_ERROR,
412 NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
413 "no usable smartcard certificate found.");
414 gateway->destroy(gateway);
415 return FALSE;
416 }
417 }
418 /* ... or certificate/private key authenitcation */
419 else if ((str = nm_setting_vpn_get_data_item(vpn, "usercert")))
420 {
421 public_key_t *public;
422 private_key_t *private = NULL;
423
424 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
425 BUILD_FROM_FILE, str, BUILD_END);
426 if (!cert)
427 {
428 g_set_error(err, NM_VPN_PLUGIN_ERROR,
429 NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
430 "Loading peer certificate failed.");
431 gateway->destroy(gateway);
432 return FALSE;
433 }
434 /* try agent */
435 str = nm_setting_vpn_get_secret(vpn, "agent");
436 if (agent && str)
437 {
438 public = cert->get_public_key(cert);
439 if (public)
440 {
441 private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
442 public->get_type(public),
443 BUILD_AGENT_SOCKET, str,
444 BUILD_PUBLIC_KEY, public,
445 BUILD_END);
446 public->destroy(public);
447 }
448 if (!private)
449 {
450 g_set_error(err, NM_VPN_PLUGIN_ERROR,
451 NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
452 "Connecting to SSH agent failed.");
453 }
454 }
455 /* ... or key file */
456 str = nm_setting_vpn_get_data_item(vpn, "userkey");
457 if (!agent && str)
458 {
459 char *secret;
460
461 secret = (char*)nm_setting_vpn_get_secret(vpn, "password");
462 if (secret)
463 {
464 priv->creds->set_key_password(priv->creds, secret);
465 }
466 private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
467 KEY_RSA, BUILD_FROM_FILE, str, BUILD_END);
468 if (!private)
469 {
470 g_set_error(err, NM_VPN_PLUGIN_ERROR,
471 NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
472 "Loading private key failed.");
473 }
474 }
475 if (private)
476 {
477 user = cert->get_subject(cert);
478 user = user->clone(user);
479 priv->creds->set_cert_and_key(priv->creds, cert, private);
480 }
481 else
482 {
483 DESTROY_IF(cert);
484 gateway->destroy(gateway);
485 return FALSE;
486 }
487 }
488 }
489
490 if (!user)
491 {
492 g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
493 "Configuration parameters missing.");
494 gateway->destroy(gateway);
495 return FALSE;
496 }
497
498 /**
499 * Set up configurations
500 */
501 ike_cfg = ike_cfg_create(IKEV2, TRUE, encap, "0.0.0.0", FALSE,
502 charon->socket->get_port(charon->socket, FALSE),
503 (char*)address, FALSE, IKEV2_UDP_PORT,
504 FRAGMENTATION_NO);
505 ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
506 peer_cfg = peer_cfg_create(priv->name, ike_cfg,
507 CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
508 36000, 0, /* rekey 10h, reauth none */
509 600, 600, /* jitter, over 10min */
510 TRUE, FALSE, /* mobike, aggressive */
511 0, 0, /* DPD delay, timeout */
512 FALSE, NULL, NULL); /* mediation */
513 if (virtual)
514 {
515 peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0));
516 }
517 auth = auth_cfg_create();
518 auth->add(auth, AUTH_RULE_AUTH_CLASS, auth_class);
519 auth->add(auth, AUTH_RULE_IDENTITY, user);
520 peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
521 auth = auth_cfg_create();
522 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
523 auth->add(auth, AUTH_RULE_IDENTITY, gateway);
524 auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, loose_gateway_id);
525 peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
526
527 child_cfg = child_cfg_create(priv->name, &lifetime,
528 NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */
529 ACTION_NONE, ACTION_NONE, ACTION_NONE, ipcomp,
530 0, 0, NULL, NULL, 0);
531 child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
532 ts = traffic_selector_create_dynamic(0, 0, 65535);
533 child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
534 ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE,
535 "0.0.0.0", 0,
536 "255.255.255.255", 65535);
537 child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
538 peer_cfg->add_child_cfg(peer_cfg, child_cfg);
539
540 /**
541 * Prepare IKE_SA
542 */
543 ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager,
544 peer_cfg);
545 if (!ike_sa)
546 {
547 peer_cfg->destroy(peer_cfg);
548 g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
549 "IKE version not supported.");
550 return FALSE;
551 }
552 if (!ike_sa->get_peer_cfg(ike_sa))
553 {
554 ike_sa->set_peer_cfg(ike_sa, peer_cfg);
555 }
556 peer_cfg->destroy(peer_cfg);
557
558 /**
559 * Register listener, enable initiate-failure-detection hooks
560 */
561 priv->ike_sa = ike_sa;
562 priv->listener.ike_state_change = ike_state_change;
563 priv->listener.child_state_change = child_state_change;
564 charon->bus->add_listener(charon->bus, &priv->listener);
565
566 /**
567 * Initiate
568 */
569 child_cfg->get_ref(child_cfg);
570 if (ike_sa->initiate(ike_sa, child_cfg, 0, NULL, NULL) != SUCCESS)
571 {
572 charon->bus->remove_listener(charon->bus, &priv->listener);
573 charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa);
574
575 g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_LAUNCH_FAILED,
576 "Initiating failed.");
577 return FALSE;
578 }
579 charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
580 return TRUE;
581 }
582
583 /**
584 * NeedSecrets called from NM via DBUS
585 */
586 static gboolean need_secrets(NMVPNPlugin *plugin, NMConnection *connection,
587 char **setting_name, GError **error)
588 {
589 NMSettingVPN *settings;
590 const char *method, *path;
591
592 settings = NM_SETTING_VPN(nm_connection_get_setting(connection,
593 NM_TYPE_SETTING_VPN));
594 method = nm_setting_vpn_get_data_item(settings, "method");
595 if (method)
596 {
597 if (streq(method, "eap"))
598 {
599 if (nm_setting_vpn_get_secret(settings, "password"))
600 {
601 return FALSE;
602 }
603 }
604 else if (streq(method, "agent"))
605 {
606 if (nm_setting_vpn_get_secret(settings, "agent"))
607 {
608 return FALSE;
609 }
610 }
611 else if (streq(method, "key"))
612 {
613 path = nm_setting_vpn_get_data_item(settings, "userkey");
614 if (path)
615 {
616 private_key_t *key;
617
618 /* try to load/decrypt the private key */
619 key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
620 KEY_RSA, BUILD_FROM_FILE, path, BUILD_END);
621 if (key)
622 {
623 key->destroy(key);
624 return FALSE;
625 }
626 }
627 }
628 else if (streq(method, "smartcard"))
629 {
630 if (nm_setting_vpn_get_secret(settings, "password"))
631 {
632 return FALSE;
633 }
634 }
635 }
636 *setting_name = NM_SETTING_VPN_SETTING_NAME;
637 return TRUE;
638 }
639
640 /**
641 * Disconnect called from NM via DBUS
642 */
643 static gboolean disconnect(NMVPNPlugin *plugin, GError **err)
644 {
645 NMStrongswanPluginPrivate *priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin);
646 enumerator_t *enumerator;
647 ike_sa_t *ike_sa;
648 u_int id;
649
650 /* our ike_sa pointer might be invalid, lookup sa */
651 enumerator = charon->controller->create_ike_sa_enumerator(
652 charon->controller, TRUE);
653 while (enumerator->enumerate(enumerator, &ike_sa))
654 {
655 if (priv->ike_sa == ike_sa)
656 {
657 id = ike_sa->get_unique_id(ike_sa);
658 enumerator->destroy(enumerator);
659 charon->controller->terminate_ike(charon->controller, id,
660 controller_cb_empty, NULL, 0);
661 return TRUE;
662 }
663 }
664 enumerator->destroy(enumerator);
665
666 g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_GENERAL,
667 "Connection not found.");
668 return FALSE;
669 }
670
671 /**
672 * Initializer
673 */
674 static void nm_strongswan_plugin_init(NMStrongswanPlugin *plugin)
675 {
676 NMStrongswanPluginPrivate *priv;
677
678 priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin);
679 priv->plugin = NM_VPN_PLUGIN(plugin);
680 memset(&priv->listener, 0, sizeof(listener_t));
681 priv->listener.child_updown = child_updown;
682 priv->listener.ike_rekey = ike_rekey;
683 }
684
685 /**
686 * Class constructor
687 */
688 static void nm_strongswan_plugin_class_init(
689 NMStrongswanPluginClass *strongswan_class)
690 {
691 NMVPNPluginClass *parent_class = NM_VPN_PLUGIN_CLASS(strongswan_class);
692
693 g_type_class_add_private(G_OBJECT_CLASS(strongswan_class),
694 sizeof(NMStrongswanPluginPrivate));
695 parent_class->connect = connect_;
696 parent_class->need_secrets = need_secrets;
697 parent_class->disconnect = disconnect;
698 }
699
700 /**
701 * Object constructor
702 */
703 NMStrongswanPlugin *nm_strongswan_plugin_new(nm_creds_t *creds,
704 nm_handler_t *handler)
705 {
706 NMStrongswanPlugin *plugin = (NMStrongswanPlugin *)g_object_new (
707 NM_TYPE_STRONGSWAN_PLUGIN,
708 NM_VPN_PLUGIN_DBUS_SERVICE_NAME, NM_DBUS_SERVICE_STRONGSWAN,
709 NULL);
710 if (plugin)
711 {
712 NMStrongswanPluginPrivate *priv;
713
714 priv = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin);
715 priv->creds = creds;
716 priv->handler = handler;
717 priv->name = NULL;
718 }
719 return plugin;
720 }
721