author | Reto Buerki <reet@codelabs.ch> | 2012-08-31 12:58:00 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2013-03-19 15:23:47 +0100 |
commit | 9df5645623aa19959eaa7648f15caff6387f8fd0 (patch) | |
tree | 3c5e75cbf1331138b8d867c38570dfebb242841f /src | |
parent | 071e792a85f2128f07d2cbf1c1c9ab7531131c1f (diff) | |
listener: Register message hook
Use the message hook to save the AUTHENTICATION payload of an incoming
IKE_AUTH message.
The AUTH payload will be passed on to the TKM ike_isa_auth operation in
the authorize hook.
Diffstat (limited to 'src')
-rw-r--r-- | src/charon-tkm/src/tkm/tkm_listener.c | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/src/charon-tkm/src/tkm/tkm_listener.c b/src/charon-tkm/src/tkm/tkm_listener.c index ee8fb4925..536ba78b2 100644 --- a/src/charon-tkm/src/tkm/tkm_listener.c +++ b/src/charon-tkm/src/tkm/tkm_listener.c @@ -15,6 +15,8 @@ */ #include <daemon.h> +#include <encoding/payloads/auth_payload.h> +#include <utils/chunk.h> #include <tkm/types.h> #include "tkm_listener.h" @@ -47,10 +49,49 @@ METHOD(listener_t, authorize, bool, const isa_id_type isa_id = keymat->get_isa_id(keymat); DBG1(DBG_IKE, "TKM authorize listener called for ISA context %llu", isa_id); + const chunk_t * const auth = keymat->get_auth_payload(keymat); + if (!auth->ptr) + { + DBG1(DBG_IKE, "no AUTHENTICATION data available"); + *success = FALSE; + } + + DBG1(DBG_IKE, "TKM based authentication successful" + " for ISA context %llu", isa_id); *success = TRUE; return TRUE; } +METHOD(listener_t, message, bool, + private_tkm_listener_t *this, ike_sa_t *ike_sa, + message_t *message, bool incoming, bool plain) +{ + if (!incoming || !plain || message->get_exchange_type(message) != IKE_AUTH) + { + return TRUE; + } + + tkm_keymat_t * const keymat = (tkm_keymat_t*)ike_sa->get_keymat(ike_sa); + const isa_id_type isa_id = keymat->get_isa_id(keymat); + DBG1(DBG_IKE, "saving AUTHENTICATION payload for authorize hook" + " (ISA context %llu)", isa_id); + + auth_payload_t * const auth_payload = + (auth_payload_t*)message->get_payload(message, AUTHENTICATION); + if (auth_payload) + { + const chunk_t auth_data = auth_payload->get_data(auth_payload); + keymat->set_auth_payload(keymat, &auth_data); + } + else + { + DBG1(DBG_IKE, "unable to extract AUTHENTICATION payload, authorize will" + " fail"); + } + + return TRUE; +} + METHOD(tkm_listener_t, destroy, void, private_tkm_listener_t *this) { @@ -68,6 +109,7 @@ tkm_listener_t *tkm_listener_create() .public = { .listener = { .authorize = _authorize, + .message = _message, }, .destroy = _destroy, }, |
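Review bot: In the `authorize` hunk the new `if (!auth->ptr)` branch sets `*success = FALSE` but does not return, so execution falls through to the "TKM based authentication successful" log and to `*success = TRUE;`, and an IKE_AUTH exchange with no stored AUTH payload is still authorized. Add `return TRUE;` directly after `*success = FALSE;` inside that branch, which keeps the hook's own return value as on the existing exit path while letting the failure result stand. `auth` is also dereferenced without a NULL check; whether `get_auth_payload` can return NULL is not visible in this diff and should be confirmed. In the new `message` hook, `set_auth_payload(keymat, &auth_data)` receives the address of a stack local whose `ptr` presumably points into the message's payload, which is only safe if the setter copies the bytes; the setter is not shown here, so that deserves a comment such as `/* set_auth_payload clones the chunk */` once verified. The body of `authorize` starts outside the hunk.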