authorTobias Brunner <tobias@strongswan.org>2012-05-14 17:36:46 +0200
committerTobias Brunner <tobias@strongswan.org>2012-06-11 17:33:30 +0200
commite838c39ba965787395ee05f64e78990398d3624c (patch)
tree5f4b26e8d75e3f97621021bbb45fec2ab97f0a69
parent041e763b7741906f18ec38bcb64fbabe11256080 (diff)
starter: Parse authby as string.
-rw-r--r--src/starter/args.c16
-rw-r--r--src/starter/confread.c50
-rw-r--r--src/starter/confread.h11
-rw-r--r--src/starter/starterstroke.c13
4 files changed, 29 insertions, 61 deletions
diff --git a/src/starter/args.c b/src/starter/args.c
index 00d66eaed..336064633 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -155,6 +155,20 @@ static const char *LST_klipsdebug[] = {
NULL
};
+static const char *LST_authby[] = {
+ "psk",
+ "secret",
+ "pubkey",
+ "rsa",
+ "rsasig",
+ "ecdsa",
+ "ecdsasig",
+ "xauthpsk",
+ "xauthrsasig",
+ "never",
+ NULL
+};
+
typedef struct {
arg_t type;
size_t offset;
@@ -206,7 +220,7 @@ static const token_info_t token_info[] =
{ ARG_ENUM, offsetof(starter_conn_t, install_policy), LST_bool },
{ ARG_ENUM, offsetof(starter_conn_t, aggressive), LST_bool },
{ ARG_MISC, 0, NULL /* KW_AUTH */ },
- { ARG_MISC, 0, NULL /* KW_AUTHBY */ },
+ { ARG_STR, offsetof(starter_conn_t, authby), LST_authby },
{ ARG_STR, offsetof(starter_conn_t, eap_identity), NULL },
{ ARG_STR, offsetof(starter_conn_t, aaa_identity), NULL },
{ ARG_MISC, 0, NULL /* KW_MOBIKE */ },
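Review bot: LST_authby (lines 26-38) lists only single keywords, while the parser this commit removes from confread.c also accepted the combined forms secret|rsasig and rsasig|secret (its own comment at line 73 says so), so conn sections using that syntax behave differently after this change. Whether they are now rejected at load time or stored unchecked depends on how assign_arg treats an ARG_STR entry that carries a list, which is not in this diff; either way the new starterstroke.c chain compares whole strings, so the combination no longer selects any auth method. If dropping the combined syntax is intended, say so where the list is defined, e.g. `/* accepted authby= values; the legacy "a|b" combination form is not supported */`, and mention it in the commit message so the change is visible to people upgrading their ipsec.conf.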
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 47afc5559..d78db5b28 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -588,56 +588,6 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
case KW_AUTH:
KW_POLICY_FLAG("ah", "esp", POLICY_AUTHENTICATE)
break;
- case KW_AUTHBY:
- conn->policy &= ~(POLICY_ID_AUTH_MASK | POLICY_ENCRYPT);
-
- if (!streq(kw->value, "never"))
- {
- char *value = kw->value;
- char *second = strchr(kw->value, '|');
-
- if (second != NULL)
- {
- *second = '\0';
- }
-
- /* also handles the cases secret|rsasig and rsasig|secret */
- for (;;)
- {
- if (streq(value, "rsa") || streq(value, "rsasig") ||
- streq(value, "ecdsa") || streq(value, "ecdsasig") ||
- streq(value, "pubkey"))
- {
- conn->policy |= POLICY_PUBKEY | POLICY_ENCRYPT;
- }
- else if (streq(value, "secret") || streq(value, "psk"))
- {
- conn->policy |= POLICY_PSK | POLICY_ENCRYPT;
- }
- else if (streq(value, "xauthrsasig"))
- {
- conn->policy |= POLICY_XAUTH_RSASIG | POLICY_ENCRYPT;
- }
- else if (streq(value, "xauthpsk"))
- {
- conn->policy |= POLICY_XAUTH_PSK | POLICY_ENCRYPT;
- }
- else
- {
- DBG1(DBG_APP, "# bad policy value: %s=%s",
- kw->entry->name, kw->value);
- cfg->err++;
- break;
- }
- if (second == NULL)
- {
- break;
- }
- value = second;
- second = NULL; /* traverse the loop no more than twice */
- }
- }
- break;
case KW_MARK:
if (!handle_mark(kw->value, &conn->mark_in))
{
diff --git a/src/starter/confread.h b/src/starter/confread.h
index c142961b3..0907997e5 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -111,14 +111,15 @@ struct starter_conn {
char *eap_identity;
char *aaa_identity;
char *xauth_identity;
+ char *authby;
lset_t policy;
time_t sa_ike_life_seconds;
time_t sa_ipsec_life_seconds;
time_t sa_rekey_margin;
- u_int64_t sa_ipsec_life_bytes;
- u_int64_t sa_ipsec_margin_bytes;
- u_int64_t sa_ipsec_life_packets;
- u_int64_t sa_ipsec_margin_packets;
+ u_int64_t sa_ipsec_life_bytes;
+ u_int64_t sa_ipsec_margin_bytes;
+ u_int64_t sa_ipsec_life_packets;
+ u_int64_t sa_ipsec_margin_packets;
unsigned long sa_keying_tries;
unsigned long sa_rekey_fuzz;
u_int32_t reqid;
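Review bot: The new `authby` field at line 121 is a heap string the connection carries while loaded, but nothing in the hunk says what it holds or when it is read; a one-line comment would help, e.g. `char *authby; /* authby= value; consulted only when leftauth/rightauth are unset */`, which is the condition starterstroke.c checks in this commit. Presumably allocation and release are handled by the generic ARG_STR paths in args.c now that the token is ARG_STR rather than ARG_MISC, but that code is not in the diff and is worth confirming so the field is not leaked on conn free. The same hunk also rewrites lines 126-133 with whitespace-only changes, which hides the single functional line in blame output; keeping reindents out of a functional commit is preferable.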
@@ -171,7 +172,7 @@ struct starter_ca {
char *crluri2;
char *ocspuri;
char *ocspuri2;
- char *certuribase;
+ char *certuribase;
bool strict;
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index bef7ede9a..6cd9b6c69 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -270,19 +270,22 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
starter_stroke_add_end(&msg, &msg.add_conn.me, &conn->left);
starter_stroke_add_end(&msg, &msg.add_conn.other, &conn->right);
- if (!msg.add_conn.me.auth && !msg.add_conn.other.auth)
+ if (!msg.add_conn.me.auth && !msg.add_conn.other.auth &&
+ conn->authby)
{ /* leftauth/rightauth not set, use legacy options */
- if (conn->policy & POLICY_PUBKEY)
+ if (streq(conn->authby, "rsa") || streq(conn->authby, "rsasig") ||
+ streq(conn->authby, "ecdsa") || streq(conn->authby, "ecdsasig") ||
+ streq(conn->authby, "pubkey"))
{
msg.add_conn.me.auth = push_string(&msg, "pubkey");
msg.add_conn.other.auth = push_string(&msg, "pubkey");
}
- else if (conn->policy & POLICY_PSK)
+ else if (streq(conn->authby, "secret") || streq(conn->authby, "psk"))
{
msg.add_conn.me.auth = push_string(&msg, "psk");
msg.add_conn.other.auth = push_string(&msg, "psk");
}
- else if (conn->policy & POLICY_XAUTH_RSASIG)
+ else if (streq(conn->authby, "xauthrsasig"))
{
msg.add_conn.me.auth = push_string(&msg, "pubkey");
msg.add_conn.other.auth = push_string(&msg, "pubkey");
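Review bot: The else-if chain starting at line 156 matches single keywords only, so an authby value that matches none of them leaves both me.auth and other.auth unset with no diagnostic, whereas the removed confread.c code logged `# bad policy value` and incremented cfg->err for an unknown value; unless assign_arg rejects values outside LST_authby at parse time (not shown here), that check has no replacement. The chain continues past this hunk and starter_stroke_add_conn ends outside it, so a trailing else may already exist; if it does not, one should be added, e.g. `else if (!streq(conn->authby, "never")) { DBG1(DBG_APP, "# bad authby value: %s", conn->authby); }`, with "never" excluded because it legitimately selects no auth method. The keyword sets are now spelled out twice, once in LST_authby and once in these streq() calls; a single static table mapping each authby keyword to the auth strings to push would keep the two from drifting apart.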
@@ -295,7 +298,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
msg.add_conn.me.auth2 = push_string(&msg, "xauth");
}
}
- else if (conn->policy & POLICY_XAUTH_PSK)
+ else if (streq(conn->authby, "xauthpsk"))
{
msg.add_conn.me.auth = push_string(&msg, "psk");
msg.add_conn.other.auth = push_string(&msg, "psk");