[NixOS] Patch nm/strongswan to allow psk < 20

Ivan Malison 2019-06-17 00:59:34 -07:00
parent d86f75a37d
commit bd5e72734c
No known key found for this signature in database
GPG Key ID: 62530EFBE99DC2F8
3 changed files with 49 additions and 1 deletions


@ -44,7 +44,11 @@ in
# Security and networking
security.sudo.wheelNeedsPassword = false;
networking.networkmanager.enable = true;
networking.networkmanager = {
enable = true;
enableStrongSwan = true;
packages = [ pkgs.networkmanager-l2tp ];
};
networking.firewall.enable = false;
# Audio
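Review bot: Nothing in the new `networking.networkmanager` attribute set tells a reader that the strongSwan plugin it enables is a locally modified build. Going by the other files in this commit, the packages behind `enableStrongSwan` presumably come from an overlay that swaps in a fork and patches out the PSK length check. A comment above the set would keep that visible from the host config, for example `# strongSwan NM plugin comes from the overlay: forked plugin, charon-nm patched to accept PSKs shorter than 20 chars`. The unchanged context also shows `networking.firewall.enable = false;`, so this machine relies entirely on the VPN credentials and the services themselves for protection, which makes the weakened check worth stating here.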


@ -65,4 +65,15 @@ self: super:
--replace run_keybase $out/bin/keybase-gui
'';
});
networkmanager_strongswan = super.networkmanager_strongswan.overrideAttrs (oldAttrs: rec {
src = super.fetchFromGitHub {
owner = "IvanMalison";
repo = "NetworkManager-strongswan";
sha256 = "0vcg58xrjacdswz2fxahgi7shgf2v14mfpscnwza6wns8qx37yzb";
rev = "2849b1817926b7973a5dc530bed7250c95c733bf";
};
});
strongswanNM = super.strongswanNM.overrideAttrs (oldAttrs: rec {
patches = oldAttrs.patches ++ [ ./patch-strongswan.patch ];
});
}
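Review bot: The `src` override for `networkmanager_strongswan` replaces the nixpkgs source with a personal fork, but there is no comment saying what the fork changes. No version attribute is overridden either, so the built package presumably still carries the upstream version string while containing different code. The `rev` and `sha256` pin keeps the fetch reproducible, which is good. A comment such as `# fork: <what it changes>; re-diff against upstream whenever nixpkgs bumps the plugin` would make the divergence auditable and remind the owner that upstream fixes no longer arrive automatically. In the `strongswanNM` override, `oldAttrs.patches ++ [ ... ]` fails evaluation if the attribute is ever absent, so `patches = (oldAttrs.patches or []) ++ [ ./patch-strongswan.patch ];` is safer, and `rec` is unused in both overrides.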


@ -0,0 +1,33 @@
From 71c28adfc1da51bb112ba1c83909d4292f2353cf Mon Sep 17 00:00:00 2001
From: Ivan Malison <IvanMalison@gmail.com>
Date: Fri, 14 Jun 2019 16:03:58 -0700
Subject: [PATCH] Remove dumbass restriction on length of used PSK
---
src/charon-nm/nm/nm_service.c | 10 ----------
1 file changed, 10 deletions(-)
diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
index fb9044d29..ccad2f635 100644
--- a/src/charon-nm/nm/nm_service.c
+++ b/src/charon-nm/nm/nm_service.c
@@ -409,16 +409,6 @@ static gboolean connect_(NMVpnServicePlugin *plugin, NMConnection *connection,
{
user = identification_create_from_string((char*)str);
str = nm_setting_vpn_get_secret(vpn, "password");
- if (auth_class == AUTH_CLASS_PSK &&
- strlen(str) < 20)
- {
- g_set_error(err, NM_VPN_PLUGIN_ERROR,
- NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
- "pre-shared key is too short.");
- gateway->destroy(gateway);
- user->destroy(user);
- return FALSE;
- }
priv->creds->set_username_password(priv->creds, user, (char*)str);
}
}
--
2.21.0
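Review bot: With the whole block deleted, `str` from `nm_setting_vpn_get_secret(vpn, "password")` reaches `set_username_password` with no check in the lines shown, so a missing or empty PSK is now accepted along with short ones. That is a wider change than the commit title's "allow psk < 20", and a PSK's length is most of what protects the tunnel's authentication against guessing. Consider keeping the removed error path and narrowing its condition, e.g. `if (auth_class == AUTH_CLASS_PSK && (!str || !*str))`, or lowering the constant to the length actually needed rather than removing the floor. `connect_` starts and ends outside the hunk, so a check elsewhere in the function cannot be ruled out from here.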