classify an EAP identity as a username

3 files changed, 18 insertions, 10 deletions

diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
index b7a889c3d..aee36d6bb 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
@@ -45,14 +45,20 @@ static bool publish_ike_sa(private_tnc_ifmap_listener_t *this,
 						   ike_sa_t *ike_sa, bool up)
 {
 	u_int32_t ike_sa_id;
-	identification_t *id;
+	identification_t *id, *eap_id;
+	bool is_user;
 	host_t *host;
 
 	ike_sa_id = ike_sa->get_unique_id(ike_sa);
 	id = ike_sa->get_other_id(ike_sa);
+	eap_id = ike_sa->get_other_eap_id(ike_sa);
 	host = ike_sa->get_other_host(ike_sa);
 
-	return this->ifmap->publish(this->ifmap, ike_sa_id, id, host, up);
+	/* In the presence of an EAP Identity, treat it as a username */
+	is_user = !id->equals(id, eap_id);
+
+	return this->ifmap->publish_ike_sa(this->ifmap, ike_sa_id, eap_id, is_user,
+									   host, up);
 }
 
 /**
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
index acef2cc5e..b1c7f5a0f 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
@@ -215,7 +215,7 @@ static axiom_node_t* create_access_request(private_tnc_ifmap_soap_t *this,
  * Create an identity
  */
 static axiom_node_t* create_identity(private_tnc_ifmap_soap_t *this,
-										   identification_t *id)
+									 identification_t *id, bool is_user)
 {
 	axiom_element_t *el;
 	axiom_node_t *node;
@@ -231,7 +231,7 @@ static axiom_node_t* create_identity(private_tnc_ifmap_soap_t *this,
 	switch (id->get_type(id))
 	{
 		case ID_FQDN:
-			id_type = "dns-name";
+			id_type = is_user ? "username" : "dns-name";
 			break;
 		case ID_RFC822_ADDR:
 			id_type = "email-address";
@@ -333,9 +333,9 @@ static axiom_node_t* create_delete_filter(private_tnc_ifmap_soap_t *this,
 	return node;
 }
 
-METHOD(tnc_ifmap_soap_t, publish, bool,
+METHOD(tnc_ifmap_soap_t, publish_ike_sa, bool,
 	private_tnc_ifmap_soap_t *this, u_int32_t ike_sa_id, identification_t *id,
-	host_t *host, bool up)
+	bool is_user, host_t *host, bool up)
 {
 	axiom_node_t *request, *node;
 	axiom_element_t *el;
@@ -368,7 +368,7 @@ METHOD(tnc_ifmap_soap_t, publish, bool,
 	axiom_node_add_child(node, this->env,
 						 	 create_access_request(this, ike_sa_id));
 	axiom_node_add_child(node, this->env,
-							 create_identity(this, id));
+							 create_identity(this, id, is_user));
 	if (up)
 	{
 		axiom_node_add_child(node, this->env,
@@ -501,7 +501,7 @@ tnc_ifmap_soap_t *tnc_ifmap_soap_create()
 		.public = {
 			.newSession = _newSession,
 			.purgePublisher = _purgePublisher,
-			.publish = _publish,
+			.publish_ike_sa = _publish_ike_sa,
 			.endSession = _endSession,
 			.destroy = _destroy,
 		},
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h
index ca4301175..9d24425fe 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h
@@ -50,13 +50,15 @@ struct tnc_ifmap_soap_t {
 	 *
 	 * @param ike_sa_id		unique IKE_SA id
 	 * @param id			id of remote endpoint
+	 * @param is_user		TRUE if id is an EAP username
 	 * @param host			IP address of remote endpoint
 	 * @param up			TRUE if IKE_SEA is up, FALSE if down
 	 * @return				TRUE if command was successful
 	 */
 
-	bool (*publish)(tnc_ifmap_soap_t *this,  u_int32_t ike_sa_id,
-					identification_t *id, host_t *host, bool up);
+	bool (*publish_ike_sa)(tnc_ifmap_soap_t *this,  u_int32_t ike_sa_id,
+						   identification_t *id, bool is_user,
+						   host_t *host, bool up);
 
 	/**
 	 * Ends an IF-MAP session