| author | Martin Willi <martin@revosec.ch> | 2015-03-03 14:08:55 +0100 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2015-03-03 14:08:55 +0100 |
| commit | ec57527475579dde7eb5f2efbf953afca0af78da (patch) | |
| tree | 6c1ebab7c7a8ba5a5bb496b25f2a0b94a198f9e1 /src/libcharon/plugins | |
| parent | 1fd70254993da6cfbe5e55a247b42ca86423ff73 (diff) | |
| parent | f05a578b8bff4bb7750e461aaeb5094f0eca4a50 (diff) | |
| download | strongswan-ec57527475579dde7eb5f2efbf953afca0af78da.tar.bz2 strongswan-ec57527475579dde7eb5f2efbf953afca0af78da.tar.xz | |
Merge branch 'eap-constraints'
Introduces basic support for EAP server module authentication constraints. With
EAP-(T)TLS, public key, signature and end entity or CA certificate constraints
can be enforced for connections.
Fixes #762.
Diffstat (limited to 'src/libcharon/plugins')
| -rw-r--r-- | src/libcharon/plugins/eap_tls/eap_tls.c | 7 | ||||
| -rw-r--r-- | src/libcharon/plugins/eap_ttls/eap_ttls.c | 7 | ||||
| -rw-r--r-- | src/libcharon/plugins/stroke/stroke_config.c | 9 |
3 files changed, 22 insertions, 1 deletions
diff --git a/src/libcharon/plugins/eap_tls/eap_tls.c b/src/libcharon/plugins/eap_tls/eap_tls.c
index dffbaf266..bc01ba5df 100644
--- a/src/libcharon/plugins/eap_tls/eap_tls.c
+++ b/src/libcharon/plugins/eap_tls/eap_tls.c
@@ -109,6 +109,12 @@ METHOD(eap_method_t, is_mutual, bool,
 return TRUE;
 }
+METHOD(eap_method_t, get_auth, auth_cfg_t*,
+ private_eap_tls_t *this)
+{
+ return this->tls_eap->get_auth(this->tls_eap);
+}
+
 METHOD(eap_method_t, destroy, void,
 private_eap_tls_t *this)
 {
@@ -138,6 +144,7 @@ static eap_tls_t *eap_tls_create(identification_t *server,
 .get_msk = _get_msk,
 .get_identifier = _get_identifier,
 .set_identifier = _set_identifier,
+ .get_auth = _get_auth,
 .destroy = _destroy,
 },
 },
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls.c b/src/libcharon/plugins/eap_ttls/eap_ttls.c
index 703cd3f29..c99d47f8d 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls.c
@@ -111,6 +111,12 @@ METHOD(eap_method_t, is_mutual, bool,
 return TRUE;
 }
+METHOD(eap_method_t, get_auth, auth_cfg_t*,
+ private_eap_ttls_t *this)
+{
+ return this->tls_eap->get_auth(this->tls_eap);
+}
+
 METHOD(eap_method_t, destroy, void,
 private_eap_ttls_t *this)
 {
@@ -141,6 +147,7 @@ static eap_ttls_t *eap_ttls_create(identification_t *server,
 .get_identifier = _get_identifier,
 .set_identifier = _set_identifier,
 .get_msk = _get_msk,
+ .get_auth = _get_auth,
 .destroy = _destroy,
 },
 },
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 3e40a7888..88abe4951 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
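Review bot: The new get_auth method in eap_tls.c (and its twin in eap_ttls.c, same hunk shape) hands back the auth_cfg_t* it gets from `this->tls_eap->get_auth()` without stating who owns it or how long it stays valid; since this object carries the peer's authentication evidence (certificates, signature scheme) that constraints are later matched against, a caller that destroys it, or keeps it after the EAP method is destroyed, would break the enforcement this merge introduces. The eap_method_t declaration that would normally document this is outside the diffstat shown here, so if it does not already say so, a one-line comment above the method such as `/* returned auth_cfg_t is owned by tls_eap and valid only until destroy() */` would make the contract explicit; I am inferring the ownership from the plain delegation, so confirm it against tls_eap before wording it. The delegation itself also assumes tls_eap was set in eap_tls_create(), which lies outside this hunk.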
@@ -620,9 +620,16 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
 else if (strpfx(auth, "eap"))
 {
 eap_vendor_type_t *type;
+ char *pos;
 cfg->add(cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
-
+ /* check for public key constraints for EAP-TLS etc. */
+ pos = strchr(auth, ':');
+ if (pos)
+ {
+ *pos = 0;
+ parse_pubkey_constraints(pos + 1, cfg);
+ }
 type = eap_vendor_type_from_string(auth);
 if (type)
 { |
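Review bot: `*pos = 0;` truncates the caller's `auth` string in place, so anything that reads `auth` after build_auth_cfg returns (diagnostics, or a later pass over the same stroke message field) now sees only the method name and loses the `:...` constraint suffix; the comment should say so, e.g. `/* split in place: auth is shortened to the method name, constraints follow pos + 1 */`, or the split could work on a copy if the string is reused. Also, the check accepts constraints for any auth string starting with "eap", not only the EAP-(T)TLS methods named in the commit message; whether constraints attached to a method that never presents a certificate are rejected at authentication time or silently have no effect is not determined by this hunk, so that is worth a sentence either in the comment or in the stroke documentation. build_auth_cfg starts and ends outside the hunk, and the return value of parse_pubkey_constraints (if any) is not checked here.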
