You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
122 lines
5.0 KiB
122 lines
5.0 KiB
diff --git a/src/nm-l2tp-service.c b/src/nm-l2tp-service.c
|
|
index 660bbe0..5ca8617 100644
|
|
--- a/src/nm-l2tp-service.c
|
|
+++ b/src/nm-l2tp-service.c
|
|
@@ -1117,13 +1117,16 @@ nm_l2tp_config_write (NML2tpPlugin *plugin,
|
|
return FALSE;
|
|
}
|
|
if (tls_need_password)
|
|
- value = nm_setting_vpn_get_secret (s_vpn, NM_L2TP_KEY_MACHINE_CERTPASS);
|
|
+ value = nm_setting_vpn_get_secret (s_vpn, NM_L2TP_KEY_USER_CERTPASS);
|
|
else
|
|
value = NULL;
|
|
|
|
tls_key_out_filename = g_strdup_printf ("%s/key.pem", rundir);
|
|
tls_cert_out_filename = g_strdup_printf ("%s/cert.pem", rundir);
|
|
- tls_ca_out_filename = g_strdup_printf ("%s/ca.pem", rundir);;
|
|
+ tls_ca_out_filename = g_strdup_printf ("%s/ca.pem", rundir);
|
|
+ unlink (tls_key_out_filename);
|
|
+ unlink (tls_cert_out_filename);
|
|
+ unlink (tls_ca_out_filename);
|
|
if (tls_key_fileformat == NM_L2TP_CRYPTO_FILE_FORMAT_PKCS12) {
|
|
crypto_pkcs12_to_pem_files (tls_cert_filename,
|
|
value,
|
|
@@ -1198,20 +1201,29 @@ nm_l2tp_config_write (NML2tpPlugin *plugin,
|
|
}
|
|
|
|
write_config_option (fd, "need-peer-eap\n");
|
|
- if (tls_key_out_filename)
|
|
- write_config_option (fd, "key \"%s\"\n", tls_key_out_filename);
|
|
- else
|
|
+ if (tls_key_out_filename) {
|
|
+ if (g_file_test (tls_key_out_filename, G_FILE_TEST_EXISTS)) {
|
|
+ write_config_option (fd, "key \"%s\"\n", tls_key_out_filename);
|
|
+ }
|
|
+ } else {
|
|
write_config_option (fd, "key \"%s\"\n", tls_key_filename);
|
|
+ }
|
|
|
|
- if (tls_cert_out_filename)
|
|
- write_config_option (fd, "cert \"%s\"\n", tls_cert_out_filename);
|
|
- else
|
|
+ if (tls_cert_out_filename) {
|
|
+ if (g_file_test (tls_cert_out_filename, G_FILE_TEST_EXISTS)) {
|
|
+ write_config_option (fd, "cert \"%s\"\n", tls_cert_out_filename);
|
|
+ }
|
|
+ } else {
|
|
write_config_option (fd, "cert \"%s\"\n", tls_cert_filename);
|
|
+ }
|
|
|
|
- if (tls_ca_out_filename)
|
|
- write_config_option (fd, "ca \"%s\"\n", tls_ca_filename);
|
|
- else if (tls_ca_filename)
|
|
+ if (tls_ca_out_filename) {
|
|
+ if (g_file_test (tls_ca_out_filename, G_FILE_TEST_EXISTS)) {
|
|
+ write_config_option (fd, "ca \"%s\"\n", tls_ca_out_filename);
|
|
+ }
|
|
+ } else if (tls_ca_filename) {
|
|
write_config_option (fd, "ca \"%s\"\n", tls_ca_filename);
|
|
+ }
|
|
} else {
|
|
/* Username; try L2TP specific username first, then generic username */
|
|
value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_USER);
|
|
@@ -1529,8 +1541,10 @@ handle_need_secrets (NMDBusL2tpPpp *object,
|
|
NML2tpPlugin *self = NM_L2TP_PLUGIN (user_data);
|
|
NML2tpPluginPrivate *priv = NM_L2TP_PLUGIN_GET_PRIVATE (self);
|
|
NMSettingVpn *s_vpn;
|
|
+ NML2tpCryptoFileFormat tls_key_fileformat;
|
|
const char *user, *password, *domain, *auth_type, *tls_key_filename;
|
|
gchar *username;
|
|
+ gchar *key_filename;
|
|
gboolean tls_need_password = FALSE;
|
|
|
|
remove_timeout_handler (NM_L2TP_PLUGIN (user_data));
|
|
@@ -1541,20 +1555,36 @@ handle_need_secrets (NMDBusL2tpPpp *object,
|
|
auth_type = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_USER_AUTH_TYPE);
|
|
if (nm_streq0 (auth_type, NM_L2TP_AUTHTYPE_TLS)) {
|
|
tls_key_filename = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_USER_KEY);
|
|
- crypto_file_format (tls_key_filename, &tls_need_password, NULL);
|
|
+ tls_key_fileformat = crypto_file_format (tls_key_filename, &tls_need_password, NULL);
|
|
+
|
|
+ switch (tls_key_fileformat) {
|
|
+ case NM_L2TP_CRYPTO_FILE_FORMAT_PKCS12 :
|
|
+ case NM_L2TP_CRYPTO_FILE_FORMAT_PKCS8_DER :
|
|
+ case NM_L2TP_CRYPTO_FILE_FORMAT_RSA_PKEY_DER :
|
|
+ case NM_L2TP_CRYPTO_FILE_FORMAT_DSA_PKEY_DER :
|
|
+ case NM_L2TP_CRYPTO_FILE_FORMAT_ECDSA_PKEY_DER :
|
|
+ key_filename = g_strdup_printf (RUNSTATEDIR"/nm-l2tp-%s/key.pem", priv->uuid);
|
|
+ break;
|
|
|
|
- if (!tls_need_password)
|
|
- return FALSE;
|
|
+ default :
|
|
+ key_filename = g_strdup (tls_key_filename);
|
|
+ }
|
|
|
|
- password = nm_setting_vpn_get_secret (s_vpn, NM_L2TP_KEY_USER_CERTPASS);
|
|
- if (!password || !strlen (password)) {
|
|
- g_dbus_method_invocation_return_error_literal (invocation,
|
|
- NM_VPN_PLUGIN_ERROR,
|
|
- NM_VPN_PLUGIN_ERROR_INVALID_CONNECTION,
|
|
- _("Missing or invalid VPN user certificate password."));
|
|
- return FALSE;;
|
|
+ if (!tls_need_password) {
|
|
+ nmdbus_l2tp_ppp_complete_need_secrets (object, invocation, key_filename, "");
|
|
+ } else {
|
|
+ password = nm_setting_vpn_get_secret (s_vpn, NM_L2TP_KEY_USER_CERTPASS);
|
|
+ if (!password || !strlen (password)) {
|
|
+ g_dbus_method_invocation_return_error_literal (invocation,
|
|
+ NM_VPN_PLUGIN_ERROR,
|
|
+ NM_VPN_PLUGIN_ERROR_INVALID_CONNECTION,
|
|
+ _("Missing or invalid VPN user certificate password."));
|
|
+ g_free (key_filename);
|
|
+ return FALSE;;
|
|
+ }
|
|
+ nmdbus_l2tp_ppp_complete_need_secrets (object, invocation, key_filename, password);
|
|
}
|
|
- nmdbus_l2tp_ppp_complete_need_secrets (object, invocation, tls_key_filename, password);
|
|
+ g_free (key_filename);
|
|
|
|
} else {
|
|
/* Username; try L2TP specific username first, then generic username */
|