5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
35 #include <openssl/bio.h>
36 #include <openssl/pem.h>
37 #include <openssl/err.h>
38 #include <openssl/safestack.h>
39 #include <openssl/pkcs12.h>
40 #include <openssl/x509.h>
41 #include <openssl/conf.h>
43 #define CONNMAN_API_SUBJECT_TO_CHANGE
44 #include <connman/plugin.h>
45 #include <connman/log.h>
46 #include <connman/task.h>
47 #include <connman/dbus.h>
48 #include <connman/ipconfig.h>
50 #include "../vpn-provider.h"
54 #include "vici-client.h"
56 #define ARRAY_SIZE(a) (sizeof(a)/sizeof(a[0]))
66 static DBusConnection *connection;
67 static VICIClient *vici_client;
68 static GFileMonitor* monitor;
70 struct openssl_private_data {
71 EVP_PKEY *private_key;
73 STACK_OF(X509) *ca_certs;
76 struct ipsec_private_data {
77 struct vpn_provider *provider;
78 struct openssl_private_data openssl_data;
79 vpn_provider_connect_cb_t cb;
87 const char *subsection;
88 vici_add_element add_elem;
89 } ipsec_conn_options[] = {
90 {"IPsec.Version", "version", NULL, vici_add_kv},
91 {"IPsec.LeftAddrs", "local_addrs", NULL, vici_add_kvl},
92 {"IPsec.RightAddrs", "remote_addrs", NULL, vici_add_kvl},
94 {"IPsec.LocalAuth", "auth", "local", vici_add_kv},
95 {"IPsec.LocalID", "id", "local", vici_add_kv},
96 {"IPsec.LocalXauthID", "xauth_id", "local", vici_add_kv},
97 {"IPsec.LocalXauthAuth", "auth", "local-xauth", vici_add_kv},
98 {"IPsec.LocalXauthXauthID", "xauth_id", "local-xauth", vici_add_kv},
99 {"IPsec.RemoteAuth", "auth", "remote", vici_add_kv},
100 {"IPsec.RemoteID", "id", "remote", vici_add_kv},
101 {"IPsec.RemoteXauthID", "xauth_id", "remote", vici_add_kv},
102 {"IPsec.RemoteXauthAuth", "auth", "remote-xauth", vici_add_kv},
103 {"IPsec.RemoteXauthXauthID", "xauth_id", "remote-xauth", vici_add_kv},
104 {"IPsec.ChildrenLocalTS", "local_ts", "children", vici_add_kvl},
105 {"IPsec.ChildrenRemoteTS", "remote_ts", "children", vici_add_kvl},
110 const char *vici_type;
111 } ipsec_shared_options[] = {
112 {"IPsec.IKEData", "data"},
113 {"IPsec.IKEOwners", "owners"},
114 {"IPsec.XauthData", "data"},
115 {"IPsec.XauthOwners", "owners"},
120 const char *vici_type;
121 const char *vici_flag;
122 } ipsec_cert_options[] = {
123 {"IPsec.CertType", "type", NULL},
124 {"IPsec.CertFlag", "flag", NULL},
125 {"IPsec.CertData", "data", NULL},
126 {"IPsec.CertPass", "data", NULL},
131 const char *vici_type;
132 } ipsec_pkey_options[] = {
133 {"IPsec.PKeyType", "type"},
134 {"IPsec.PKeyData", "data"},
137 static const char *ikev1_esp_proposals [] ={
149 static const char *ikev1_proposals [] ={
150 "aes256-sha256-modp1024",
151 "aes128-sha256-modp1024",
152 "aes256-sha1-modp1024",
153 "aes128-sha1-modp1024",
154 "aes256-md5-modp1024",
155 "aes128-md5-modp1024",
156 "3des-sha1-modp1024",
161 static const char *ikev2_esp_proposals = "aes256-aes128-sha512-sha384-sha256-sha1-modp2048-modp1536-modp1024";
163 static const char *ikev2_proposals = "aes256-aes128-sha512-sha384-sha256-sha1-modp2048-modp1536-modp1024";
165 static void init_openssl(void)
167 /* Load the human readable error strings for libcrypto */
168 #if OPENSSL_API_COMPAT < 0x10100000L
169 /* TODO :remove this after debug */
170 DBG("openssl version is under 1.01");
171 ERR_load_crypto_strings();
173 /* As of version 1.1.0 OpenSSL will automatically allocate
174 * all resources that it needs so no explicit initialisation
175 * is required. Similarly it will also automatically
176 * deinitialise as required. */
177 /* OPENSSL_init_crypto(); */
179 /* Load all digest and cipher algorithms */
180 #if OPENSSL_API_COMPAT < 0x10100000L
181 OpenSSL_add_all_algorithms();
183 /* As of version 1.1.0 OpenSSL will automatically allocate
184 * all resources that it needs so no explicit initialisation
185 * is required. Similarly it will also automatically
186 * deinitialise as required. */
187 /* OPENSSL_init_crypto(); */
189 #if OPENSSL_API_COMPAT < 0x10100000L
190 OPENSSL_config(NULL);
193 /* TODO :remove this after debug */
198 static void deinit_openssl(void)
200 #if OPENSSL_API_COMPAT < 0x10100000L
204 #if OPENSSL_API_COMPAT < 0x10100000L
211 static int print_openssl_error_cb(const char *str, size_t len, void *u)
213 connman_error("%s", str);
217 static void print_openssl_error()
219 ERR_print_errors_cb(print_openssl_error_cb, NULL);
223 static int get_cert_type(const char *path)
225 char *down_str = NULL;
228 down_str = g_ascii_strdown(path, strlen(path));
230 return CERT_TYPE_NONE;
232 if(g_str_has_suffix(down_str, ".pem"))
233 cert_type = CERT_TYPE_PEM;
234 else if (g_str_has_suffix(down_str, ".der") || g_str_has_suffix(down_str, ".crt"))
235 cert_type = CERT_TYPE_DER;
236 else if (g_str_has_suffix(down_str, ".p12") || g_str_has_suffix(down_str, ".pfx"))
237 cert_type = CERT_TYPE_PKCS12;
239 cert_type = CERT_TYPE_NONE;
245 static void read_der_file(const char *path, X509 **cert)
249 DBG("der path %s\n", path);
250 fp = fopen(path, "r");
251 *cert = d2i_X509_fp(fp, NULL);
256 static void read_pem_file(const char *path, X509 **cert)
260 DBG("pem path %s\n", path);
261 fp = fopen(path, "r");
262 *cert = PEM_read_X509(fp, cert, NULL, NULL);
267 static void read_pkcs12_file(const char *path, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
272 DBG("pkcs12 path %s\n", path);
273 fp = fopen(path, "r");
275 p12 = d2i_PKCS12_fp(fp, NULL);
277 print_openssl_error();
282 if (!PKCS12_parse(p12, pass, pkey, cert, ca)) {
283 print_openssl_error();
292 static char *get_private_key_str(struct openssl_private_data *data)
297 char *private_key_str = NULL;
302 if (!(pkey = data->private_key))
305 bio = BIO_new(BIO_s_mem());
307 print_openssl_error();
311 if (!PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL)) {
312 print_openssl_error();
317 BIO_get_mem_ptr(bio, &buf_ptr);
319 print_openssl_error();
324 private_key_str = g_try_malloc0(buf_ptr->length + 1);
325 if (!private_key_str) {
326 print_openssl_error();
331 g_strlcpy(private_key_str, buf_ptr->data, buf_ptr->length);
335 return private_key_str;
338 static char *get_cert_str(X509 *cert)
342 char *cert_str = NULL;
347 bio = BIO_new(BIO_s_mem());
349 print_openssl_error();
353 if (!PEM_write_bio_X509_AUX(bio, cert)) {
354 print_openssl_error();
359 BIO_get_mem_ptr(bio, &buf_ptr);
361 print_openssl_error();
366 cert_str = g_try_malloc0(buf_ptr->length + 1);
368 print_openssl_error();
373 g_strlcpy(cert_str, buf_ptr->data, buf_ptr->length);
379 static char * get_local_cert_str(struct openssl_private_data *data)
384 if (!(data->local_cert))
387 return get_cert_str(data->local_cert);
390 int get_ca_cert_num(struct openssl_private_data *data)
392 if(!data || !data->ca_certs)
395 return sk_X509_num(data->ca_certs);
398 static char * get_nth_ca_cert_str(struct openssl_private_data *data, int num)
405 if (!(data->ca_certs))
408 cert = sk_X509_value(data->ca_certs, num);
410 return get_cert_str(cert);
413 static void extract_cert_info(const char *path, const char *pass, struct openssl_private_data *data)
416 /* TODO :remove this after debug */
417 DBG("there's no cert data");
421 switch (get_cert_type(path)) {
423 read_der_file(path, &(data->local_cert));
426 read_pem_file(path, &(data->local_cert));
428 case CERT_TYPE_PKCS12:
429 read_pkcs12_file(path, pass, &(data->private_key), &(data->local_cert), &(data->ca_certs));
438 static void free_openssl_private_data(struct openssl_private_data *data)
443 EVP_PKEY *private_key = data->private_key;
444 X509 *local_cert = data->local_cert;
445 STACK_OF(X509) *ca_certs = data->ca_certs;
448 EVP_PKEY_free(private_key);
451 X509_free(local_cert);
454 sk_X509_pop_free(ca_certs, X509_free);
459 static void free_private_data(struct ipsec_private_data *data)
461 free_openssl_private_data(&(data->openssl_data));
466 static int ipsec_notify(DBusMessage *msg, struct vpn_provider *provider)
471 static int ipsec_is_same_auth(const char* req, const char* target)
473 if (req == NULL || target == NULL)
475 return (g_strcmp0(req, target) == 0);
478 static int vici_load_cert(const char* type, const char* flag, const char* data)
483 sect = vici_create_section(NULL);
487 vici_add_kv(sect, "type", type, NULL);
488 vici_add_kv(sect, "flag", flag, NULL);
489 vici_add_kv(sect, "data", data, NULL);
491 ret = vici_send_request(vici_client, VICI_CMD_LOAD_CERT, sect);
493 connman_error("vici_send_request failed");
495 vici_destroy_section(sect);
500 static int vici_load_key(const char* type, const char* data)
503 sect = vici_create_section(NULL);
506 vici_add_kv(sect, "type", type, NULL);
507 vici_add_kv(sect, "data", data, NULL);
508 ret = vici_send_request(vici_client, VICI_CMD_LOAD_KEY, sect);
510 connman_error("vici_send_request failed");
512 vici_destroy_section(sect);
517 static void ipsec_add_default_child_sa_data(struct vpn_provider *provider, VICISection *child)
519 const char *version = vpn_provider_get_string(provider, "IPsec.Version");
520 if (g_strcmp0(version, "1") == 0) {
524 for (list = NULL; ikev1_esp_proposals[i] != NULL; i++)
525 list = g_slist_append(list, g_strdup(ikev1_esp_proposals[i]));
526 vici_add_list(child, "esp_proposals", list, "net");
529 vici_add_kvl(child, "esp_proposals", ikev2_esp_proposals, "net");
534 static void ipsec_add_default_conn_data(struct vpn_provider *provider, VICISection *conn)
536 const char *version = vpn_provider_get_string(provider, "IPsec.Version");
537 if (g_strcmp0(version, "1") == 0) {
541 for (list = NULL; ikev1_proposals[i] != NULL; i++)
542 list = g_slist_append(list, g_strdup(ikev1_proposals[i]));
543 vici_add_list(conn, "proposals", list, NULL);
546 if (g_strcmp0(vpn_provider_get_string(provider, "IPsec.LocalAuth"), "psk") == 0)
547 vici_add_kv(conn, "aggressive", "yes", NULL);
550 vici_add_kvl(conn, "proposals", ikev2_proposals, NULL);
553 vici_add_kvl(conn, "vips", "0.0.0.0", NULL);
558 static int ipsec_load_conn(struct vpn_provider *provider, struct ipsec_private_data *data)
562 const char *subsection;
563 char *local_cert_str;
565 VICISection *children;
569 if (!provider || !data) {
570 connman_error("invalid provider or data");
574 value = vpn_provider_get_string(provider, "Name");
575 DBG("Name: %s", value);
576 conn = vici_create_section(value);
577 children = vici_create_section("children");
578 add_subsection("children", children, conn);
580 for (i = 0; i < (int)ARRAY_SIZE(ipsec_conn_options); i++) {
581 value = vpn_provider_get_string(provider, ipsec_conn_options[i].cm_opt);
585 key = ipsec_conn_options[i].vici_key;
586 subsection = ipsec_conn_options[i].subsection;
587 ipsec_conn_options[i].add_elem(conn, key, value, subsection);
590 local_cert_str = get_local_cert_str(&(data->openssl_data));
591 if (local_cert_str) {
592 /* TODO :remove this after debug */
593 DBG("There's local certification to add local section");
594 vici_add_kvl(conn, "certs", local_cert_str, "local");
595 g_free(local_cert_str);
598 ipsec_add_default_conn_data(provider, conn);
599 ipsec_add_default_child_sa_data(provider, children);
601 ret = vici_send_request(vici_client, VICI_CMD_LOAD_CONN, conn);
603 connman_error("vici_send_request failed");
605 vici_destroy_section(conn);
610 static int ipsec_load_private_data(struct ipsec_private_data *data)
612 char *private_key_str;
618 private_key_str = get_private_key_str(&(data->openssl_data));
619 if (private_key_str) {
620 /* TODO :remove this after debug */
621 DBG("load private key");
622 ret = vici_load_key("RSA", private_key_str);
623 g_free(private_key_str);
629 ca_cert_num = get_ca_cert_num(&(data->openssl_data));
633 for (i = 0; i < ca_cert_num; i++) {
634 /* TODO :remove this after debug */
636 ca_cert_str = get_nth_ca_cert_str(&(data->openssl_data), i);
637 ret = vici_load_cert("X509", "CA", ca_cert_str);
646 static int ipsec_load_shared_psk(struct vpn_provider *provider)
654 connman_error("invalid provider");
658 data = vpn_provider_get_string(provider, "IPsec.IKEData");
659 owner = vpn_provider_get_string(provider, "IPsec.IKEOwners");
660 DBG("IKEData: %s, IKEOwners: %s", data, owner);
665 sect = vici_create_section(NULL);
670 vici_add_kv(sect, "type", VICI_SHARED_TYPE_PSK, NULL);
671 vici_add_kv(sect, "data", data, NULL);
672 vici_add_kvl(sect, "owners", owner, NULL);
674 ret = vici_send_request(vici_client, VICI_CMD_LOAD_SHARED, sect);
676 connman_error("vici_send_request failed");
678 vici_destroy_section(sect);
683 static int ipsec_load_shared_xauth(struct vpn_provider *provider)
691 connman_error("invalid provider");
695 data = vpn_provider_get_string(provider, "IPsec.XauthData");
696 owner = vpn_provider_get_string(provider, "IPsec.XauthOwners");
697 DBG("XauthData: %s, XauthOwners: %s", data, owner);
702 sect = vici_create_section(NULL);
704 vici_add_kv(sect, "type", VICI_SHARED_TYPE_XAUTH, NULL);
705 vici_add_kv(sect, "data", data, NULL);
706 vici_add_kvl(sect, "owners", owner, NULL);
708 ret = vici_send_request(vici_client, VICI_CMD_LOAD_SHARED, sect);
710 connman_error("vici_send_request failed");
712 vici_destroy_section(sect);
717 static char *load_file_from_path(const char *path)
722 size_t file_size = 0;
723 char *file_buff = NULL;
726 connman_error("File path is NULL\n");
730 fp = fopen(path, "rb");
732 connman_error("fopen %s is failed\n", path);
738 file_size = st.st_size;
739 file_buff = g_try_malloc0(sizeof(char)*st.st_size);
740 if (file_buff == NULL) {
741 connman_error("g_try_malloc0 failed\n");
746 if (fread(file_buff, 1, file_size, fp) != file_size) {
747 connman_error("file size not matched\n");
756 static int ipsec_load_key(struct vpn_provider *provider)
765 connman_error("invalid provider");
769 type = vpn_provider_get_string(provider, "IPsec.PKeyType");
770 path = vpn_provider_get_string(provider, "IPsec.PKeyData");
771 DBG("PKeyType: %s, PKeyData: %s", type, path);
776 data = load_file_from_path(path);
780 sect = vici_create_section(NULL);
784 vici_add_kv(sect, "type", type, NULL);
785 vici_add_kv(sect, "data", data, NULL);
787 ret = vici_send_request(vici_client, VICI_CMD_LOAD_KEY, sect);
789 connman_error("vici_send_request failed");
791 vici_destroy_section(sect);
797 static int ipsec_initiate(struct vpn_provider *provider)
802 sect = vici_create_section(NULL);
806 vici_add_kv(sect, "child", "net", NULL);
807 ret = vici_send_request(vici_client, VICI_CMD_INITIATE, sect);
809 connman_error("vici_send_request failed");
811 vici_destroy_section(sect);
816 static int ipsec_load_cert(struct vpn_provider *provider)
821 const char *local_auth_type;
822 const char *remote_auth_type;
826 connman_error("invalid provider");
830 local_auth_type = vpn_provider_get_string(provider, "IPsec.LocalAuth");
831 remote_auth_type = vpn_provider_get_string(provider, "IPsec.RemoteAuth");
832 if (!ipsec_is_same_auth(local_auth_type, "pubkey") &&
833 !ipsec_is_same_auth(remote_auth_type, "pubkey")) {
834 DBG("invalid auth type");
838 type = vpn_provider_get_string(provider, "IPsec.CertType");
839 flag = vpn_provider_get_string(provider, "IPsec.CertFlag");
840 data = load_file_from_path(vpn_provider_get_string(provider, "IPsec.CertData"));
841 DBG("CertType: %s, CertFalg: %s,CertData: %s", type, flag, data);
842 if (!type || ! flag || !data) {
843 connman_error("invalid certification information");
847 ret = vici_load_cert(type, flag, data);
849 connman_error("failed to load cert");
856 void connect_reply_cb(int err, void *user_data)
858 struct ipsec_private_data *data;
860 data = (struct ipsec_private_data *)user_data;
861 data->cb(data->provider, data->user_data, err);
863 free_private_data(data);
866 static struct ipsec_private_data* create_ipsec_private_data(struct vpn_provider *provider,
867 vpn_provider_connect_cb_t cb, void* user_data)
869 struct ipsec_private_data *data;
870 data = g_try_new0(struct ipsec_private_data, 1);
872 connman_error("out of memory");
878 data->provider = provider;
880 data->user_data = user_data;
884 static void vici_connect(struct ipsec_private_data *data)
886 struct vpn_provider *provider = NULL;
887 vpn_provider_connect_cb_t cb = NULL;
891 IPSEC_ERROR_CHECK_GOTO(-1, done, "Invalid data parameter");
893 provider = data->provider;
895 if (!provider || !cb)
896 IPSEC_ERROR_CHECK_GOTO(-1, done, "Invalid provider or callback");
898 DBG("data %p, provider %p", data, provider);
901 * Initialize vici client
903 err = vici_initialize(&vici_client);
904 IPSEC_ERROR_CHECK_GOTO(err, done, "failed to initialize vici_client");
906 /* TODO :remove this after debug */
907 DBG("success to initialize vici socket");
909 vici_set_connect_reply_cb(vici_client, (vici_connect_reply_cb)connect_reply_cb, data);
912 * Send the load-conn command
914 err = ipsec_load_conn(provider, data);
915 IPSEC_ERROR_CHECK_GOTO(err, done, "load-conn failed");
917 /* TODO :remove this after debug */
918 DBG("success to ipsec_load_conn");
920 err = ipsec_load_private_data(data);
921 IPSEC_ERROR_CHECK_GOTO(err, done, "load private data failed");
923 /* TODO :remove this after debug */
924 DBG("success to ipsec_load_private_data");
927 * Send the load-shared command for PSK
929 err = ipsec_load_shared_psk(provider);
930 IPSEC_ERROR_CHECK_GOTO(err, done, "load-shared failed");
932 /* TODO :remove this after debug */
933 DBG("success to ipsec_load_shared_psk");
936 * Send the load-shared command for XAUTH
938 err = ipsec_load_shared_xauth(provider);
939 IPSEC_ERROR_CHECK_GOTO(err, done, "load-shared failed");
941 /* TODO :remove this after debug */
942 DBG("success to ipsec_load_shared_xauth");
944 * Send the load-cert command
946 err = ipsec_load_cert(provider);
947 IPSEC_ERROR_CHECK_GOTO(err, done, "load-cert failed");
949 /* TODO :remove this after debug */
950 DBG("success to ipsec_load_cert");
953 * Send the load-key command
955 err = ipsec_load_key(provider);
956 IPSEC_ERROR_CHECK_GOTO(err, done, "load-key failed");
958 /* TODO :remove this after debug */
959 DBG("success to ipsec_load_cert");
961 * Send the initiate command
963 err = ipsec_initiate(provider);
964 IPSEC_ERROR_CHECK_GOTO(err, done, "initiate failed");
966 /* TODO :remove this after debug */
967 DBG("success to ipsec_initiate");
970 /* refer to connect_cb on vpn-provider.c for cb */
972 cb(provider, data->user_data, -err);
977 static void monitor_changed(GFileMonitor *monitor, GFile *file, GFile *other_file,
978 GFileMonitorEvent event_type, gpointer user_data)
980 DBG("file %s", g_file_get_path(file));
981 if (event_type == G_FILE_MONITOR_EVENT_CREATED) {
982 if (g_file_test(VICI_DEFAULT_URI, G_FILE_TEST_EXISTS)) {
983 DBG("file created: %s", VICI_DEFAULT_URI);
984 struct ipsec_private_data *data = user_data;
986 g_object_unref(monitor);
991 static void monitor_vici_socket(struct ipsec_private_data *data)
993 GError *error = NULL;
996 file = g_file_new_for_path(VICI_DEFAULT_URI);
997 monitor = g_file_monitor_file(file, G_FILE_MONITOR_SEND_MOVED, NULL, &error);
999 connman_error("g_file_monitor_directory failed: %s / %d", error->message, error->code);
1000 g_error_free(error);
1003 /* TODO :remove this after debug */
1004 DBG("starting to monitor vici socket");
1005 g_signal_connect(monitor, "changed", G_CALLBACK(monitor_changed), data);
1006 g_object_unref(file);
1009 static void check_vici_socket(struct ipsec_private_data *data)
1011 DBG("data %p", data);
1012 if (g_file_test(VICI_DEFAULT_URI, G_FILE_TEST_EXISTS)) {
1013 DBG("file exists: %s", VICI_DEFAULT_URI);
1016 monitor_vici_socket(data);
1020 static int ipsec_connect(struct vpn_provider *provider,
1021 struct connman_task *task, const char *if_name,
1022 vpn_provider_connect_cb_t cb, const char *dbus_sender,
1025 struct ipsec_private_data *data;
1030 data = create_ipsec_private_data(provider, cb, user_data);
1032 connman_error("create ipsec private data failed");
1036 * Start charon daemon using ipsec script of strongSwan.
1038 err = connman_task_run(task, vpn_died, provider, NULL, NULL, NULL);
1040 connman_error("charon start failed");
1042 cb(provider, user_data, err);
1046 path = vpn_provider_get_string(provider, "IPsec.LocalCerts");
1047 pass = vpn_provider_get_string(provider, "IPsec.LocalCertPass");
1048 extract_cert_info(path, pass, &(data->openssl_data));
1050 check_vici_socket(data);
1051 // g_usleep(G_USEC_PER_SEC);
1056 static int ipsec_error_code(struct vpn_provider *provider, int exit_code)
1061 static int ipsec_save(struct vpn_provider *provider, GKeyFile *keyfile)
1068 * Save IKE connection configurations
1070 for (i = 0; i < (int)ARRAY_SIZE(ipsec_conn_options); i++) {
1071 option = vpn_provider_get_string(provider, ipsec_conn_options[i].cm_opt);
1073 g_key_file_set_string(keyfile,
1074 vpn_provider_get_save_group(provider),
1075 ipsec_conn_options[i].cm_opt,
1080 * Save shared IKE PSK, EAP or XAUTH secret
1082 for (i = 0; i < (int)ARRAY_SIZE(ipsec_shared_options); i++) {
1083 option = vpn_provider_get_string(provider, ipsec_shared_options[i].cm_opt);
1085 g_key_file_set_string(keyfile,
1086 vpn_provider_get_save_group(provider),
1087 ipsec_shared_options[i].cm_opt,
1092 * Save certification
1094 for (i = 0; i < (int)ARRAY_SIZE(ipsec_cert_options); i++) {
1095 option = vpn_provider_get_string(provider, ipsec_cert_options[i].cm_opt);
1097 g_key_file_set_string(keyfile,
1098 vpn_provider_get_save_group(provider),
1099 ipsec_cert_options[i].cm_opt,
1106 for (i = 0; i < (int)ARRAY_SIZE(ipsec_pkey_options); i++) {
1107 option = vpn_provider_get_string(provider, ipsec_pkey_options[i].cm_opt);
1109 g_key_file_set_string(keyfile,
1110 vpn_provider_get_save_group(provider),
1111 ipsec_pkey_options[i].cm_opt,
1116 * Save local certification
1118 option = vpn_provider_get_string(provider, "IPsec.LocalCerts");
1120 g_key_file_set_string(keyfile,
1121 vpn_provider_get_save_group(provider),
1124 option = vpn_provider_get_string(provider, "IPsec.LocalCertPass");
1126 g_key_file_set_string(keyfile,
1127 vpn_provider_get_save_group(provider),
1128 "IPsec.LocalCertPass",
1131 * Save CA certification directory
1133 option = vpn_provider_get_string(provider, "IPsec.CACertsDir");
1135 g_key_file_set_string(keyfile,
1136 vpn_provider_get_save_group(provider),
1143 static void ipsec_disconnect(struct vpn_provider *provider)
1147 err = vici_deinitialize(vici_client);
1148 IPSEC_ERROR_CHECK_RETURN(err, "failed to deinitialize vici_client");
1151 static struct vpn_driver vpn_driver = {
1152 .flags = VPN_FLAG_NO_TUN,
1153 .notify = ipsec_notify,
1154 .connect = ipsec_connect,
1155 .error_code = ipsec_error_code,
1157 .disconnect = ipsec_disconnect,
1160 static int ipsec_init(void)
1162 connection = connman_dbus_get_connection();
1164 return vpn_register("ipsec", &vpn_driver, IPSEC);
1167 static void ipsec_exit(void)
1169 vpn_unregister("ipsec");
1171 dbus_connection_unref(connection);
1174 CONNMAN_PLUGIN_DEFINE(ipsec, "IPSec plugin", VERSION,
1175 CONNMAN_PLUGIN_PRIORITY_DEFAULT, ipsec_init, ipsec_exit)