author | Martin Willi <martin@strongswan.org> | 2008-08-25 07:50:21 +0000 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2008-08-25 07:50:21 +0000 |
commit | a88aae3df6de7dc905f8950b43edf49c1f2d7b82 (patch) | |
tree | d3e558c02fd3a2b9b523e228fa42ccb19b24f1b5 | |
parent | 7945c90adbff577a67a0908168189c5d20af096a (diff) | |
enforce DN of configured gateway certificate
-rw-r--r-- | src/charon/plugins/nm/gnome/properties/nm-strongswan-dialog.glade | 82 | ||||
-rw-r--r-- | src/charon/plugins/nm/nm_service.c | 16 |
2 files changed, 52 insertions, 46 deletions
diff --git a/src/charon/plugins/nm/gnome/properties/nm-strongswan-dialog.glade b/src/charon/plugins/nm/gnome/properties/nm-strongswan-dialog.glade
index bffc88e66..5a1b176da 100644
--- a/src/charon/plugins/nm/gnome/properties/nm-strongswan-dialog.glade
+++ b/src/charon/plugins/nm/gnome/properties/nm-strongswan-dialog.glade
@@ -37,28 +37,14 @@
 <property name="column_spacing">6</property>
 <property name="row_spacing">6</property>
 <child>
- <widget class="GtkFileChooserButton" id="certificate-button">
- <property name="visible">True</property>
- <property name="tooltip_text">Gateway or CA certificate to use for gateway authentication.</property>
- </widget>
- <packing>
- <property name="left_attach">1</property>
- <property name="right_attach">2</property>
- <property name="top_attach">1</property>
- <property name="bottom_attach">2</property>
- </packing>
- </child>
- <child>
- <widget class="GtkLabel" id="certificate-label">
+ <widget class="GtkLabel" id="address-label">
 <property name="visible">True</property>
 <property name="xalign">0</property>
- <property name="label" translatable="yes">_Certificate:</property>
+ <property name="label" translatable="yes">_Address:</property>
 <property name="use_underline">True</property>
- <property name="mnemonic_widget">certificate-button</property>
+ <property name="mnemonic_widget">address-entry</property>
 </widget>
 <packing>
- <property name="top_attach">1</property>
- <property name="bottom_attach">2</property>
 <property name="x_options">GTK_FILL</property>
 <property name="y_options"></property>
 </packing>
@@ -77,18 +63,32 @@
 </packing>
 </child>
 <child>
- <widget class="GtkLabel" id="address-label">
+ <widget class="GtkLabel" id="certificate-label">
 <property name="visible">True</property>
 <property name="xalign">0</property>
- <property name="label" translatable="yes">_Address:</property>
+ <property name="label" translatable="yes">_Certificate:</property>
 <property name="use_underline">True</property>
- <property name="mnemonic_widget">address-entry</property>
+ <property name="mnemonic_widget">certificate-button</property>
 </widget>
 <packing>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
 <property name="x_options">GTK_FILL</property>
 <property name="y_options"></property>
 </packing>
 </child>
+ <child>
+ <widget class="GtkFileChooserButton" id="certificate-button">
+ <property name="visible">True</property>
+ <property name="tooltip_text">Gateway certificate to use for gateway authentication.</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ </packing>
+ </child>
 </widget>
 </child>
 </widget>
@@ -129,30 +129,16 @@
 <property name="column_spacing">6</property>
 <property name="row_spacing">6</property>
 <child>
- <widget class="GtkLabel" id="user-label">
- <property name="visible">True</property>
- <property name="xalign">0</property>
- <property name="label" translatable="yes">_Username:</property>
- <property name="use_underline">True</property>
- <property name="mnemonic_widget">user-entry</property>
- </widget>
- <packing>
- <property name="x_options">GTK_FILL</property>
- <property name="y_options"></property>
- </packing>
- </child>
- <child>
- <widget class="GtkComboBox" id="method-combo">
+ <widget class="GtkEntry" id="user-entry">
 <property name="visible">True</property>
+ <property name="can_focus">True</property>
 <property name="has_tooltip">True</property>
- <property name="tooltip_text">Authentication Method to use for authentication against the Gateway. </property>
- <property name="items"></property>
+ <property name="tooltip_text">The username (identity) to use for authentication against the gateway.</property>
 </widget>
 <packing>
 <property name="left_attach">1</property>
 <property name="right_attach">2</property>
- <property name="top_attach">1</property>
- <property name="bottom_attach">2</property>
+ <property name="y_options"></property>
 </packing>
 </child>
 <child>
@@ -171,15 +157,29 @@
 </packing>
 </child>
 <child>
- <widget class="GtkEntry" id="user-entry">
+ <widget class="GtkComboBox" id="method-combo">
 <property name="visible">True</property>
- <property name="can_focus">True</property>
 <property name="has_tooltip">True</property>
- <property name="tooltip_text">The username (identity) to use for authentication against the gateway.</property>
+ <property name="tooltip_text">Authentication Method to use for authentication against the Gateway. </property>
+ <property name="items"></property>
 </widget>
 <packing>
 <property name="left_attach">1</property>
 <property name="right_attach">2</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ </packing>
+ </child>
+ <child>
+ <widget class="GtkLabel" id="user-label">
+ <property name="visible">True</property>
+ <property name="xalign">0</property>
+ <property name="label" translatable="yes">_Username:</property>
+ <property name="use_underline">True</property>
+ <property name="mnemonic_widget">user-entry</property>
+ </widget>
+ <packing>
+ <property name="x_options">GTK_FILL</property>
 <property name="y_options"></property>
 </packing>
 </child>
diff --git a/src/charon/plugins/nm/nm_service.c b/src/charon/plugins/nm/nm_service.c
index 9f617b860..37db6e045 100644
--- a/src/charon/plugins/nm/nm_service.c
+++ b/src/charon/plugins/nm/nm_service.c
@@ -163,7 +163,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 {
 nm_creds_t *creds;
 NMSettingVPN *settings;
- identification_t *user = NULL;
+ identification_t *user = NULL, *gateway;
 char *address, *str;
 bool virtual, encap, ipcomp;
 ike_cfg_t *ike_cfg;
@@ -173,6 +173,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 ike_sa_t *ike_sa;
 auth_info_t *auth;
 auth_class_t auth_class = AUTH_CLASS_EAP;
+ certificate_t *cert = NULL;
 
 /**
 * Read parameters
@@ -229,12 +230,17 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 str = g_hash_table_lookup(settings->data, "certificate");
 if (str)
 {
- certificate_t *cert;
-
 cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
 BUILD_FROM_FILE, str, BUILD_END);
 creds->set_certificate(creds, cert);
 }
+ if (!cert)
+ {
+ g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
+ "Loading certificate failed.");
+ return FALSE;
+ }
+ gateway = cert->get_subject(cert);
 str = g_hash_table_lookup(settings->data, "password");
 if (str)
 {
@@ -246,8 +252,8 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 */
 ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", address);
 ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
- peer_cfg = peer_cfg_create(CONFIG_NAME, 2, ike_cfg, user,
- identification_create_from_encoding(ID_ANY, chunk_empty),
+ peer_cfg = peer_cfg_create(CONFIG_NAME, 2, ike_cfg,
+ user, gateway->clone(gateway),
 CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
 18000, 0, /* rekey 5h, reauth none */
 600, 600, /* jitter, over 10min */
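Review bot: The new `if (!cert)` check in the -229 hunk runs only after `creds->set_certificate(creds, cert)` has already been called inside the `if (str)` block, so a certificate that fails to load is handed to creds as NULL before the error is reported (unless set_certificate tolerates NULL, which is not visible here), and the same "Loading certificate failed." message is also what the user sees when no "certificate" setting exists at all, which is a different configuration problem. Move the check directly after the create call, before set_certificate, and report the unconfigured case with its own message so the two failures stay distinguishable in NetworkManager's error output; the gateway identity derived from the subject then only ever comes from a certificate that was actually loaded and registered. The early `return FALSE` also leaves connect_ without releasing anything acquired earlier in the function; if `user` (declared in the -163 hunk, created outside this one) is already allocated at this point it should be destroyed on this path, matching whatever the function's other error returns do. connect_ starts and ends outside this hunk.
```c
str = g_hash_table_lookup(settings->data, "certificate");
if (!str)
{
	g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
				"No gateway certificate configured.");
	return FALSE;
}
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
						  BUILD_FROM_FILE, str, BUILD_END);
if (!cert)
{
	g_set_error(err, NM_VPN_PLUGIN_ERROR, NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
				"Loading certificate failed.");
	return FALSE;
}
/* only a successfully loaded certificate is registered and used as the peer identity */
creds->set_certificate(creds, cert);
gateway = cert->get_subject(cert);
/* … unchanged: password lookup and peer_cfg_create … */
```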