authorMartin Willi <martin@revosec.ch>2014-10-06 11:52:49 +0200
committerMartin Willi <martin@revosec.ch>2014-10-06 18:30:46 +0200
commitb2c1973ffbfb37b76bf4069779eb6319a40d1ddd (patch)
tree25fd77dbcb2a778d5f31364805658e7f9b4686b2 /conf
parent6890bdc7a04d7e0f7af8855a129e87ae9f0b43ec (diff)
ext-auth: Add an ext-auth plugin invoking an external authorization script
Original patch courtesy of Vyronas Tsingaras.
Diffstat (limited to 'conf')
-rw-r--r--conf/Makefile.am1
-rw-r--r--conf/plugins/ext-auth.opt15
2 files changed, 16 insertions, 0 deletions
diff --git a/conf/Makefile.am b/conf/Makefile.am
index ee9ce72ea..e5077391a 100644
--- a/conf/Makefile.am
+++ b/conf/Makefile.am
@@ -45,6 +45,7 @@ plugins = \
plugins/eap-tnc.opt \
plugins/eap-ttls.opt \
plugins/error-notify.opt \
+ plugins/ext-auth.opt \
plugins/gcrypt.opt \
plugins/ha.opt \
plugins/imc-attestation.opt \
diff --git a/conf/plugins/ext-auth.opt b/conf/plugins/ext-auth.opt
new file mode 100644
index 000000000..bf127b9d7
--- /dev/null
+++ b/conf/plugins/ext-auth.opt
@@ -0,0 +1,15 @@
+charon.plugins.ext-auth.script =
+ Shell script to invoke for peer authorization.
+
+ Command to pass to the system shell for peer authorization. Authorization
+ is considered successful if the command executes normally with an exit code
+ of zero. For all other exit codes IKE_SA authorization is rejected.
+
+ The following environment variables get passed to the script:
+ _IKE_UNIQUE_ID_: The IKE_SA numerical unique identifier.
+ _IKE_NAME_: The peer configuration connection name.
+ _IKE_LOCAL_HOST_: Local IKE IP address.
+ _IKE_REMOTE_HOST_: Remote IKE IP address.
+ _IKE_LOCAL_ID_: Local IKE identity.
+ _IKE_REMOTE_ID_: Remote IKE identity.
+ _IKE_REMOTE_EAP_ID_: Remote EAP or XAuth identity, if used.
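Review bot: The option text in conf/plugins/ext-auth.opt does not say which of the listed environment variables carry peer-chosen data; _IKE_REMOTE_ID_ and _IKE_REMOTE_EAP_ID_ presumably originate from the remote end, and the description states the command is passed to the system shell. I would add a sentence after the variable list such as `Identity values originate from the peer; the script must treat them as untrusted data, quoting them on expansion and never evaluating them as shell code.` It would also help to state explicitly that a command which cannot be started or is terminated by a signal rejects authorization, since "executes normally" leaves the fail-closed behaviour to inference. The short description says "Shell script" while the long one says "Command", so one term should be used for both.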