author | Martin Willi <martin@strongswan.org> | 2009-04-14 10:34:24 +0000 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2009-04-14 10:34:24 +0000 |
commit | a44bb9345f0482b3dace19a27ee40320ddadc75f (patch) | |
tree | 34d75bd95b2868900213e13c31ddd892d2fd4904 /src/charon/plugins/nm | |
parent | 6e5c8d9413234b18a0631cddadd973a9f509708b (diff) | |
merged multi-auth branch back into trunk
Diffstat (limited to 'src/charon/plugins/nm')
-rw-r--r-- | src/charon/plugins/nm/nm_creds.c | 4 | ||||
-rw-r--r-- | src/charon/plugins/nm/nm_service.c | 17 |
2 files changed, 12 insertions, 9 deletions
diff --git a/src/charon/plugins/nm/nm_creds.c b/src/charon/plugins/nm/nm_creds.c
index e7cd640a7..de9eb3b1b 100644
--- a/src/charon/plugins/nm/nm_creds.c
+++ b/src/charon/plugins/nm/nm_creds.c
@@ -259,9 +259,7 @@ static void set_username_password(private_nm_creds_t *this, identification_t *id
 {
 this->lock->write_lock(this->lock);
 DESTROY_IF(this->user);
- /* for EAP authentication, we use always use ID_EAP type */
- this->user = identification_create_from_encoding(ID_EAP,
- id->get_encoding(id));
+ this->user = id->clone(id);
 free(this->pass);
 this->pass = password ? strdup(password) : NULL;
 this->lock->unlock(this->lock);
diff --git a/src/charon/plugins/nm/nm_service.c b/src/charon/plugins/nm/nm_service.c
index 72744b784..abe55eb7d 100644
--- a/src/charon/plugins/nm/nm_service.c
+++ b/src/charon/plugins/nm/nm_service.c
@@ -151,7 +151,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 child_cfg_t *child_cfg;
 traffic_selector_t *ts;
 ike_sa_t *ike_sa;
- auth_info_t *auth;
+ auth_cfg_t *auth;
 auth_class_t auth_class = AUTH_CLASS_EAP;
 certificate_t *cert = NULL;
 bool agent = FALSE;
@@ -223,8 +223,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 str = nm_setting_vpn_get_data_item(settings, "user");
 if (str)
 {
- user = identification_create_from_encoding(ID_KEY_ID,
- chunk_create(str, strlen(str)));
+ user = identification_create_from_string(str);
 str = nm_setting_vpn_get_secret(settings, "password");
 creds->set_username_password(creds, user, (char*)str);
 }
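Review bot: In set_username_password() in nm_creds.c the stored identity now keeps whatever ID type the caller's `id` carries, and the deleted comment was the only statement of which type password lookups are keyed on. A replacement comment above the assignment would keep that contract visible, for example `/* keep the caller's ID type; shared-key lookups have to ask for the same type */`. The code that hands out `this->pass` is outside this hunk, so whether it compares identity types cannot be seen here and is worth confirming against the identity the EAP method requests. The function's closing brace is also outside the hunk.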
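Review bot: In the `@@ -223,8 +223,7 @@` hunk of connect_() in nm_service.c the result of `identification_create_from_string(str)` is passed unchecked to `creds->set_username_password()`, which calls `id->clone(id)` on it (first hunk, nm_creds.c), and the same pointer is later added as `AUTH_RULE_IDENTITY` in the `@@ -322,15 +321,21 @@` hunk. If the parser can return NULL for a string it rejects (its contract is not visible on this page), a malformed user name from the NetworkManager settings becomes a NULL dereference in the daemon; an `if (!user)` check that fails the connect with an error before the credential call would close that. The user name is now also parsed instead of being taken as an opaque key ID, so the resulting ID type depends on what was typed, and a one-line comment saying this is intended would help. connect_() starts and ends outside the hunk.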
@@ -322,15 +321,21 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", (char*)address);
 ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
 peer_cfg = peer_cfg_create(CONFIG_NAME, 2, ike_cfg,
- user, gateway->clone(gateway),
 CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
 36000, 0, /* rekey 10h, reauth none */
 600, 600, /* jitter, over 10min */
 TRUE, 0, /* mobike, DPD */
 virtual ? host_create_from_string("0.0.0.0", 0) : NULL,
 NULL, FALSE, NULL, NULL); /* pool, mediation */
- auth = peer_cfg->get_auth(peer_cfg);
- auth->add_item(auth, AUTHN_AUTH_CLASS, &auth_class);
+ auth = auth_cfg_create();
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, auth_class);
+ auth->add(auth, AUTH_RULE_IDENTITY, user);
+ peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
+ auth = auth_cfg_create();
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ auth->add(auth, AUTH_RULE_IDENTITY, gateway->clone(gateway));
+ peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
+
 child_cfg = child_cfg_create(CONFIG_NAME,
 10800, 10200, /* lifetime 3h, rekey 2h50min */
 300, /* jitter 5min */ |
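Review bot: The two `add_auth_cfg()` calls differ only in a bare `TRUE`/`FALSE` last argument, so a reader auditing this policy cannot tell from the code which auth_cfg describes the client and which constrains the gateway. Short comments would make that explicit, for example `/* local: authenticate as user with auth_class */` before the first block and `/* remote: gateway must authenticate with a public key under its own identity */` before the second, assuming the flag selects local versus remote. The second block is what pins the peer to `AUTH_CLASS_PUBKEY` and the `gateway` identity, so it deserves a note that it must not be dropped or relaxed when other client auth classes are added. connect_() starts and ends outside the hunk.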