author | Andreas Steffen <andreas.steffen@strongswan.org> | 2010-05-15 10:18:29 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2010-05-15 10:18:29 +0200 |
commit | 8143f109148089f7006f18d70fcc576b42344cc6 (patch) | |
tree | f4cc3f384621970bf223a46ae680013b8140e660 /src | |
parent | b8520ad50d53b8f81f9c358d75717b6e59a06cd2 (diff) | |
download | strongswan-8143f109148089f7006f18d70fcc576b42344cc6.tar.bz2 strongswan-8143f109148089f7006f18d70fcc576b42344cc6.tar.xz |
introduced xauth_identity keyword
Diffstat (limited to 'src')
-rw-r--r-- | src/pluto/connections.c | 12 | ||||
-rw-r--r-- | src/pluto/connections.h | 2 | ||||
-rw-r--r-- | src/pluto/rcv_whack.c | 1 | ||||
-rw-r--r-- | src/starter/args.c | 1 | ||||
-rw-r--r-- | src/starter/confread.h | 1 | ||||
-rw-r--r-- | src/starter/keywords.h | 1 | ||||
-rw-r--r-- | src/starter/keywords.txt | 1 | ||||
-rw-r--r-- | src/starter/starterwhack.c | 2 | ||||
-rw-r--r-- | src/whack/whack.c | 1 | ||||
-rw-r--r-- | src/whack/whack.h | 48 |
10 files changed, 50 insertions, 20 deletions
diff --git a/src/pluto/connections.c b/src/pluto/connections.c index a8d297ebf..e1f47f2d6 100644 --- a/src/pluto/connections.c +++ b/src/pluto/connections.c @@ -404,11 +404,11 @@ void delete_connection(connection_t *c, bool relations) cur_debugging = old_cur_debugging; #endif free(c->name); + DESTROY_IF(c->xauth_identity); DESTROY_IF(c->spd.this.id); DESTROY_IF(c->spd.this.ca); DESTROY_IF(c->spd.this.groups); DESTROY_IF(c->spd.this.host_srcip); - free(c->spd.this.updown); free(c->spd.this.pool); DESTROY_IF(c->spd.that.id); @@ -759,6 +759,10 @@ static size_t format_connection(char *buf, size_t buf_len, static void unshare_connection_strings(connection_t *c) { c->name = clone_str(c->name); + if (c->xauth_identity) + { + c->xauth_identity = c->xauth_identity->clone(c->xauth_identity); + } c->spd.this.id = c->spd.this.id->clone(c->spd.this.id); c->spd.this.pool = clone_str(c->spd.this.pool); c->spd.this.updown = clone_str(c->spd.this.updown); @@ -1137,6 +1141,12 @@ void add_connection(const whack_message_t *wm) } } + if (wm->xauth_identity) + { + c->xauth_identity + = identification_create_from_string(wm->xauth_identity); + } + c->sa_ike_life_seconds = wm->sa_ike_life_seconds; c->sa_ipsec_life_seconds = wm->sa_ipsec_life_seconds; c->sa_rekey_margin = wm->sa_rekey_margin; diff --git a/src/pluto/connections.h b/src/pluto/connections.h index 1aa3b5757..b67f0b562 100644 --- a/src/pluto/connections.h +++ b/src/pluto/connections.h @@ -183,6 +183,8 @@ struct connection { unsigned long sa_rekey_fuzz; unsigned long sa_keying_tries; + identification_t *xauth_identity; /* XAUTH identity */ + /* RFC 3706 DPD */ time_t dpd_delay; time_t dpd_timeout; diff --git a/src/pluto/rcv_whack.c b/src/pluto/rcv_whack.c index bf5ccb10c..c140095f0 100644 --- a/src/pluto/rcv_whack.c +++ b/src/pluto/rcv_whack.c 
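Review bot: delete_connection() stops freeing c->spd.this.updown in the first hunk, while unshare_connection_strings() in the second hunk still allocates that string with clone_str, so unless it is released somewhere this diff does not show, every deleted connection now leaks it. The removal is also not mentioned by the commit message, which only names xauth_identity, so it is unclear whether it is deliberate (e.g. to cure a double free elsewhere). If it is deliberate, a one-line comment next to `free(c->spd.this.pool);` saying where updown is freed would spare the next reader the same question; otherwise restore `free(c->spd.this.updown);` beside it. The body of delete_connection continues outside the hunk.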
@@ -329,6 +329,7 @@ void whack_handle(int whackctlfd)
 || !unpack_str(&msg.sc_data) /* string 26 */
 || !unpack_str(&msg.whack_lease_ip) /* string 27 */
 || !unpack_str(&msg.whack_lease_id) /* string 28 */
+ || !unpack_str(&msg.xauth_identity) /* string 29 */
 || str_roof - next_str != (ptrdiff_t)msg.keyval.len) /* check chunk */
 {
 ugh = "message from whack contains bad string";
diff --git a/src/starter/args.c b/src/starter/args.c
index ad9d5e485..26f3aaef4 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -230,6 +230,7 @@ static const token_info_t token_info[] =
 { ARG_TIME, offsetof(starter_conn_t, inactivity), NULL },
 { ARG_MISC, 0, NULL /* KW_MODECONFIG */ },
 { ARG_MISC, 0, NULL /* KW_XAUTH */ },
+ { ARG_STR, offsetof(starter_conn_t, xauth_identity), NULL },
 { ARG_ENUM, offsetof(starter_conn_t, me_mediation), LST_bool },
 { ARG_STR, offsetof(starter_conn_t, me_mediated_by), NULL },
 { ARG_STR, offsetof(starter_conn_t, me_peerid), NULL },
diff --git a/src/starter/confread.h b/src/starter/confread.h
index d7276986c..5d845c2b9 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -110,6 +110,7 @@ struct starter_conn {
 u_int32_t eap_type;
 u_int32_t eap_vendor;
 char *eap_identity;
+ char *xauth_identity;
 lset_t policy;
 time_t sa_ike_life_seconds;
 time_t sa_ipsec_life_seconds;
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index c845b30be..85b847230 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -93,6 +93,7 @@ typedef enum {
 KW_INACTIVITY,
 KW_MODECONFIG,
 KW_XAUTH,
+ KW_XAUTH_IDENTITY,
 KW_MEDIATION,
 KW_MEDIATED_BY,
 KW_ME_PEERID,
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index 8c05730a7..894e1e94f 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -84,6 +84,7 @@ dpdaction, KW_DPDACTION
 inactivity, KW_INACTIVITY
 modeconfig, KW_MODECONFIG
 xauth, KW_XAUTH
+xauth_identity, KW_XAUTH_IDENTITY
 mediation, KW_MEDIATION
 mediated_by, KW_MEDIATED_BY
 me_peerid, KW_ME_PEERID
diff --git a/src/starter/starterwhack.c b/src/starter/starterwhack.c index 527142a4e..87590f269 100644 --- a/src/starter/starterwhack.c +++ b/src/starter/starterwhack.c @@ -93,6 +93,7 @@ static int send_whack_msg (whack_message_t *msg) || !pack_str(&msg->sc_data, &str_next, &str_roof) || !pack_str(&msg->whack_lease_ip, &str_next, &str_roof) || !pack_str(&msg->whack_lease_id, &str_next, &str_roof) + || !pack_str(&msg->xauth_identity, &str_next, &str_roof) || (str_roof - str_next < msg->keyval.len)) { plog("send_wack_msg(): can't pack strings"); @@ -285,6 +286,7 @@ int starter_whack_add_conn(starter_conn_t *conn) msg.sa_rekey_fuzz = conn->sa_rekey_fuzz; msg.sa_keying_tries = conn->sa_keying_tries; msg.policy = conn->policy; + msg.xauth_identity = conn->xauth_identity; /* * Make sure the IKEv2-only policy bits are unset for IKEv1 connections diff --git a/src/whack/whack.c b/src/whack/whack.c index 5f986108b..643e4be04 100644 --- a/src/whack/whack.c +++ b/src/whack/whack.c @@ -1804,6 +1804,7 @@ int main(int argc, char **argv) || !pack_str(&msg.sc_data) /* string 26 */ || !pack_str(&msg.whack_lease_ip) /* string 27 */ || !pack_str(&msg.whack_lease_id) /* string 28 */ + || !pack_str(&msg.xauth_identity) /* string 29 */ || str_roof - next_str < (ptrdiff_t)msg.keyval.len) diag("too many bytes of strings to fit in message to pluto"); diff --git a/src/whack/whack.h b/src/whack/whack.h index b495d3489..4a2189d9f 100644 --- a/src/whack/whack.h +++ b/src/whack/whack.h @@ -48,7 +48,7 @@ typedef enum { */ #define WHACK_BASIC_MAGIC (((((('w' << 8) + 'h') << 8) + 'k') << 8) + 24) -#define WHACK_MAGIC (((((('w' << 8) + 'h') << 8) + 'k') << 8) + 26) +#define WHACK_MAGIC (((((('w' << 8) + 'h') << 8) + 'k') << 8) + 29) typedef struct whack_end whack_end_t; 
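Review bot: main() in whack.c now packs msg.xauth_identity as string 29, but the commit adds no command-line option that sets it (the diffstat shows whack.c changing by a single line), so from the whack utility the field is always whatever msg was initialised to — NULL if msg is zeroed before option parsing, which lies outside the hunk. That is fine if the identity is meant to come only from starter, which does set it from conn->xauth_identity in starterwhack.c, but a comment on the new pack line, `/* string 29: set by starter only, no whack option yet */`, would stop a reader from hunting for a missing option. main() starts and ends outside the hunk.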
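Review bot: The trailing constant in WHACK_MAGIC goes from 26 to 29 with nothing saying what the number tracks; the rewritten comment in whack.h lists 29 packed strings, yet the old value 26 did not match the 28 strings that were already packed (see the `/* string 28 */` context in rcv_whack.c), so it reads as a protocol version rather than a count. A one-line comment above the define, `/* protocol version: bump whenever whack_message or its packed-string list changes */`, would make the coupling between this value and the pack/unpack sites explicit for the next person who adds a string. Whether pluto compares the value on receipt is not shown in this diff.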
@@ -214,30 +214,40 @@ struct whack_message { int inbase, outbase; char *sc_data; + /* XAUTH user identity */ + char *xauth_identity; + /* space for strings (hope there is enough room): * Note that pointers don't travel on wire. - * 1 connection name [name_len] - * 2 left's name [left.host.name.len] + * 1 connection name + * 2 left's id * 3 left's cert * 4 left's ca * 5 left's groups * 6 left's updown - * 7 right's name [left.host.name.len] - * 8 right's cert - * 9 right's ca - * 10 right's groups - * 11 right's updown - * 12 keyid - * 13 myid - * 14 cacert - * 15 ldaphost - * 16 ldapbase - * 17 crluri - * 18 crluri2 - * 19 ocspuri - * 20 ike - " 21 esp - * 22 rsa_data + * 7 left's source ip + * 8 left's virtual ip ranges + * 9 right's id + * 10 right's cert + * 11 right's ca + * 12 right's groups + * 13 right's updown + * 14 right's source ip + * 15 right's virtual ip ranges + * 16 keyid + * 17 myid + * 18 cacert + * 19 ldaphost + * 20 ldapbase + * 21 crluri + * 22 crluri2 + * 23 ocspuri + * 24 ike + * 25 esp + * 26 smartcard data + * 27 whack leases ip argument + * 28 whack leases id argument + * 29 xauth identity * plus keyval (limit: 8K bits + overhead), a chunk. */ size_t str_size; |
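Review bot: The `/* XAUTH user identity */` comment on the new field does not say that it is optional, although add_connection() in connections.c guards on `if (wm->xauth_identity)` and delete_connection() uses DESTROY_IF, so NULL is evidently the "not configured" value the receiver expects. Suggest `/* XAUTH user identity, packed as string 29; NULL when not configured */`, which also ties the field to the renumbered list below it. Whether unpack_str() yields NULL or an empty string for an absent value is outside this diff and worth confirming before relying on the pointer test.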