Merge branch 'ext-auth'5.2.1dr1

Integrates the ext-auth plugin by Vyronas Tsingaras. The new child process
abstraction simplifies implementation in both the new ext-auth and the existing
updown plugin, and makes them available on the Windows platform.

1 files changed, 15 insertions, 0 deletions

diff --git a/conf/plugins/ext-auth.opt b/conf/plugins/ext-auth.opt
new file mode 100644
index 000000000..bf127b9d7
--- /dev/null
+++ b/conf/plugins/ext-auth.opt
@@ -0,0 +1,15 @@
+charon.plugins.ext-auth.script =
+	Shell script to invoke for peer authorization.
+
+	Command to pass to the system shell for peer authorization. Authorization
+	is considered successful if the command executes normally with an exit code
+	of zero. For all other exit codes IKE_SA authorization is rejected.
+
+	The following environment variables get passed to the script:
+	_IKE_UNIQUE_ID_: The IKE_SA numerical unique identifier.
+	_IKE_NAME_: The peer configuration connection name.
+	_IKE_LOCAL_HOST_: Local IKE IP address.
+	_IKE_REMOTE_HOST_: Remote IKE IP address.
+	_IKE_LOCAL_ID_: Local IKE identity.
+	_IKE_REMOTE_ID_: Remote IKE identity.
+	_IKE_REMOTE_EAP_ID_: Remote EAP or XAuth identity, if used.