authorMartin Willi <martin@revosec.ch>2012-01-20 15:33:26 +0100
committerMartin Willi <martin@revosec.ch>2012-03-20 17:31:38 +0100
commitc791def8c13ccb587ec9e37570f9a957af6a515e (patch)
treedb732340a5e5cfea2a9d281ecc682230898a83fc /src/starter
parentc390569a76524a72e25a8885f3f8dc920700207d (diff)
Added support for authby/xauth_server legacy options
Diffstat (limited to 'src/starter')
-rw-r--r--src/starter/starterstroke.c59
1 files changed, 39 insertions, 20 deletions
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index 9fbfffc83..c527ae0b4 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -198,26 +198,6 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
msg.length = offsetof(stroke_msg_t, buffer);
msg.add_conn.version = conn->keyexchange;
msg.add_conn.name = push_string(&msg, connection_name(conn));
-
- /* PUBKEY is preferred to PSK and EAP */
- if (conn->policy & POLICY_PUBKEY)
- {
- msg.add_conn.auth_method = AUTH_CLASS_PUBKEY;
- }
- else if (conn->policy & POLICY_PSK)
- {
- msg.add_conn.auth_method = AUTH_CLASS_PSK;
- }
- else if (conn->policy & POLICY_XAUTH_PSK)
- {
- msg.add_conn.auth_method = AUTH_CLASS_EAP;
- }
- else
- {
- msg.add_conn.auth_method = AUTH_CLASS_ANY;
- }
- msg.add_conn.eap_type = conn->eap_type;
- msg.add_conn.eap_vendor = conn->eap_vendor;
msg.add_conn.eap_identity = push_string(&msg, conn->eap_identity);
msg.add_conn.aaa_identity = push_string(&msg, conn->aaa_identity);
msg.add_conn.xauth_identity = push_string(&msg, conn->xauth_identity);
@@ -287,6 +267,45 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
starter_stroke_add_end(&msg, &msg.add_conn.me, &conn->left);
starter_stroke_add_end(&msg, &msg.add_conn.other, &conn->right);
+ if (!msg.add_conn.me.auth && !msg.add_conn.other.auth)
+ { /* leftauth/rightauth not set, use legacy options */
+ if (conn->policy & POLICY_PUBKEY)
+ {
+ msg.add_conn.me.auth = push_string(&msg, "pubkey");
+ msg.add_conn.other.auth = push_string(&msg, "pubkey");
+ }
+ else if (conn->policy & POLICY_PSK)
+ {
+ msg.add_conn.me.auth = push_string(&msg, "psk");
+ msg.add_conn.other.auth = push_string(&msg, "psk");
+ }
+ else if (conn->policy & POLICY_XAUTH_RSASIG)
+ {
+ msg.add_conn.me.auth = push_string(&msg, "pubkey");
+ msg.add_conn.other.auth = push_string(&msg, "pubkey");
+ if (conn->policy & POLICY_XAUTH_SERVER)
+ {
+ msg.add_conn.other.auth2 = push_string(&msg, "xauth");
+ }
+ else
+ {
+ msg.add_conn.me.auth2 = push_string(&msg, "xauth");
+ }
+ }
+ else if (conn->policy & POLICY_XAUTH_PSK)
+ {
+ msg.add_conn.me.auth = push_string(&msg, "psk");
+ msg.add_conn.other.auth = push_string(&msg, "psk");
+ if (conn->policy & POLICY_XAUTH_SERVER)
+ {
+ msg.add_conn.other.auth2 = push_string(&msg, "xauth");
+ }
+ else
+ {
+ msg.add_conn.me.auth2 = push_string(&msg, "xauth");
+ }
+ }
+ }
return send_stroke_msg(&msg);
}
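Review bot: The legacy fallback that starts at `if (!msg.add_conn.me.auth && !msg.add_conn.other.auth)` tests `POLICY_PUBKEY` and `POLICY_PSK` before `POLICY_XAUTH_RSASIG` and `POLICY_XAUTH_PSK`. If `conn->policy` can ever carry a plain bit together with an XAUTH bit, the `auth2 = "xauth"` round is never requested and the connection is configured with one authentication round fewer than intended. Whether the config parser keeps these bits mutually exclusive is not visible in this hunk, and the removed block's precedence comment has no replacement, so I would either test the XAUTH bits first or document the order, e.g. `/* plain pubkey/psk take precedence over the xauth variants */`. The chain also has no final `else`, unlike the removed code's `AUTH_CLASS_ANY` default, so with no matching policy bit both `auth` strings stay unset; a one-line comment stating what the receiver does with unset `auth` would make that fallback explicit. The body of `starter_stroke_add_conn` begins outside this hunk.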