authorMartin Willi <martin@strongswan.org>2009-12-01 13:01:56 +0000
committerMartin Willi <martin@strongswan.org>2009-12-01 14:24:07 +0100
commit5b4d0de7d487dc665389c5ef24502f115eac99fa (patch)
treec6d8eaafa78f90e09b863add15bd66252c876be1
parentf6116e61fcfa892fcc051979dca9e10bf631f95a (diff)
Prefer EAP-Identity for provider attribute/address lookup
-rw-r--r--src/charon/sa/tasks/ike_config.c41
1 files changed, 37 insertions, 4 deletions
diff --git a/src/charon/sa/tasks/ike_config.c b/src/charon/sa/tasks/ike_config.c
index a42a1c68f..b1c133a4e 100644
--- a/src/charon/sa/tasks/ike_config.c
+++ b/src/charon/sa/tasks/ike_config.c
@@ -299,6 +299,38 @@ static status_t process_r(private_ike_config_t *this, message_t *message)
}
/**
+ * Find a peer (EAP) identity to query provider for attributes
+ */
+static identification_t *get_peer_identity(private_ike_config_t *this)
+{
+ identification_t *id = NULL, *current;
+ enumerator_t *enumerator;
+ auth_cfg_t *cfg;
+
+ enumerator = this->ike_sa->create_auth_cfg_enumerator(this->ike_sa, FALSE);
+ while (enumerator->enumerate(enumerator, &cfg))
+ {
+ /* prefer EAP-Identity of last round */
+ current = cfg->get(cfg, AUTH_RULE_EAP_IDENTITY);
+ if (!current || current->get_type(current) == ID_ANY)
+ {
+ current = cfg->get(cfg, AUTH_RULE_IDENTITY);
+ }
+ if (current && current->get_type(current) != ID_ANY)
+ {
+ id = current;
+ continue;
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (!id)
+ { /* fallback, should not happen */
+ id = this->ike_sa->get_other_id(this->ike_sa);
+ }
+ return id;
+}
+
+/**
* Implementation of task_t.build for responder
*/
static status_t build_r(private_ike_config_t *this, message_t *message)
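Review bot: The doc comment on get_peer_identity says neither who owns the returned identification_t nor how far the value can be trusted, and both matter now that build_r keys address and attribute lookup on it. The pointer looks borrowed from the auth_cfg_t entries (or from get_other_id in the fallback) and is handed back after the enumerator is destroyed, so I would add `* @return identity owned by the IKE_SA, must not be destroyed by the caller`, assuming that ownership is what cfg->get() guarantees. AUTH_RULE_EAP_IDENTITY is used as found in the auth config; whether it is bound to the credential that was actually verified depends on the EAP method and is not checked in this hunk, so a line such as `/* EAP-Identity is only as trustworthy as the EAP method that verified it */` would help anyone attaching a provider that hands out per-user addresses or attributes. The `continue;` at the end of the last `if` is a no-op and can be dropped.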
@@ -311,6 +343,9 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
host_t *vip = NULL;
cp_payload_t *cp = NULL;
peer_cfg_t *config;
+ identification_t *id;
+
+ id = get_peer_identity(this);
config = this->ike_sa->get_peer_cfg(this->ike_sa);
if (config && this->virtual_ip)
@@ -319,9 +354,7 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
if (config->get_pool(config))
{
vip = lib->attributes->acquire_address(lib->attributes,
- config->get_pool(config),
- this->ike_sa->get_other_id(this->ike_sa),
- this->virtual_ip);
+ config->get_pool(config), id, this->virtual_ip);
}
if (vip == NULL)
{
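Review bot: The lease acquired here is now keyed on the identity from get_peer_identity, but the diffstat lists only ike_config.c, so whatever code later returns the address to the pool is unchanged by this commit. If that path still passes `this->ike_sa->get_other_id(this->ike_sa)` to `release_address`, an EAP client would acquire under one identity and release under another, which could leave leases stuck in the pool or break reassignment of the same address; that path is not visible in this diff and should be checked. A comment at this call, `/* lease is keyed on the EAP identity if present; release must use the same id */`, would record the coupling. The same `id` is passed to `create_responder_enumerator` in the next hunk, so attribute providers see the EAP identity as well. build_r starts and ends outside this hunk.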
@@ -340,7 +373,7 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
/* query registered providers for additional attributes to include */
enumerator = lib->attributes->create_responder_enumerator(
- lib->attributes, this->ike_sa->get_other_id(this->ike_sa), vip);
+ lib->attributes, id, vip);
while (enumerator->enumerate(enumerator, &type, &value))
{
if (!cp)