diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2010-06-08 17:50:22 +0200 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2010-06-08 17:50:22 +0200 |
| commit | 964f6372ccac59c0bd04fc7f790815d0214b7dfc (patch) | |
| tree | b48d711c4e2a08b4fd69237227df076151036379 | |
| parent | 52ee8131561e2fb2c1ea4ea9e8e55a291a7d4c0c (diff) | |
| download | strongswan-964f6372ccac59c0bd04fc7f790815d0214b7dfc.tar.bz2 strongswan-964f6372ccac59c0bd04fc7f790815d0214b7dfc.tar.xz | |
make an optional XAUTH user ID available in the updown script
| -rw-r--r-- | src/_updown/_updown.in | 3 | ||||
| -rw-r--r-- | src/_updown_espmark/_updown_espmark | 2 | ||||
| -rw-r--r-- | src/pluto/kernel.c | 15 |
3 files changed, 19 insertions, 1 deletions
diff --git a/src/_updown/_updown.in b/src/_updown/_updown.in index 2cc311665..b3c0b83ab 100644 --- a/src/_updown/_updown.in +++ b/src/_updown/_updown.in @@ -115,6 +115,9 @@ # is the UDP/TCP port to which the IPsec SA is # restricted on the peer side. # +# PLUTO_XAUTH_USER +# is an optional user ID employed by the XAUTH protocol +# # define a minimum PATH environment in case it is not set PATH="/sbin:/bin:/usr/sbin:/usr/bin:@sbindir@" diff --git a/src/_updown_espmark/_updown_espmark b/src/_updown_espmark/_updown_espmark index 74de0722d..163ef557b 100644 --- a/src/_updown_espmark/_updown_espmark +++ b/src/_updown_espmark/_updown_espmark @@ -115,6 +115,8 @@ # is the UDP/TCP port to which the IPsec SA is # restricted on the peer side. # +# PLUTO_XAUTH_USER +# is an optional user ID employed by the XAUTH protocol # logging of VPN connections # diff --git a/src/pluto/kernel.c b/src/pluto/kernel.c index 79ba3aa57..d17489d9a 100644 --- a/src/pluto/kernel.c +++ b/src/pluto/kernel.c @@ -464,9 +464,11 @@ static bool do_command(connection_t *c, struct spd_route *sr, peerclientnet_str[ADDRTOT_BUF], peerclientmask_str[ADDRTOT_BUF], peerca_str[BUF_LEN], + xauth_user_str[BUF_LEN] = "", secure_myid_str[BUF_LEN] = "", secure_peerid_str[BUF_LEN] = "", - secure_peerca_str[BUF_LEN] = ""; + secure_peerca_str[BUF_LEN] = "", + secure_xauth_user_str[BUF_LEN] = ""; ip_address ta; pubkey_list_t *p; @@ -503,6 +505,15 @@ static bool do_command(connection_t *c, struct spd_route *sr, maskof(&sr->this.client, &ta); addrtot(&ta, 0, myclientmask_str, sizeof(myclientmask_str)); + if (c->xauth_identity && + c->xauth_identity->get_type(c->xauth_identity) != ID_ANY) + { + snprintf(xauth_user_str, sizeof(xauth_user_str), + "PLUTO_XAUTH_USER='%Y' ", c->xauth_identity); + escape_metachar(xauth_user_str, secure_xauth_user_str, + sizeof(secure_xauth_user_str)); + } + addrtot(&sr->that.host_addr, 0, peer_str, sizeof(peer_str)); snprintf(peerid_str, sizeof(peerid_str), "%Y", sr->that.id); escape_metachar(peerid_str, secure_peerid_str, sizeof(secure_peerid_str)); @@ -560,6 +571,7 @@ static bool do_command(connection_t *c, struct spd_route *sr, "PLUTO_PEER_PROTOCOL='%u' " "PLUTO_PEER_CA='%s' " "%s" /* optional PLUTO_MY_SRCIP */ + "%s" /* optional PLUTO_XAUTH_USER */ "%s" /* actual script */ , verb, verb_suffix , c->name @@ -583,6 +595,7 @@ static bool do_command(connection_t *c, struct spd_route *sr, , sr->that.protocol , secure_peerca_str , srcip_str + , secure_xauth_user_str , sr->this.updown == NULL? DEFAULT_UPDOWN : sr->this.updown)) { loglog(RC_LOG_SERIOUS, "%s%s command too long!", verb, verb_suffix); |