5 files changed, 43 insertions, 1 deletions
diff --git a/src/libcharon/plugins/whitelist/whitelist.c b/src/libcharon/plugins/whitelist/whitelist.c
index 34f4ef76c..5f511f2c5 100644
--- a/src/libcharon/plugins/whitelist/whitelist.c
+++ b/src/libcharon/plugins/whitelist/whitelist.c
@@ -169,6 +169,14 @@ int main(int argc, char *argv[])
 {
 return send_msg(WHITELIST_LIST, argc == 3 ? argv[2] : "%any");
 }
+ if (argc == 2 && strcmp(argv[1], "enable") == 0)
+ {
+ return send_msg(WHITELIST_ENABLE, "");
+ }
+ if (argc == 2 && strcmp(argv[1], "disable") == 0)
+ {
+ return send_msg(WHITELIST_DISABLE, "");
+ }
 fprintf(stderr, "Usage:\n");
 fprintf(stderr, " %s add <identity>\n", argv[0]);
 fprintf(stderr, " %s remove <identity>\n", argv[0]);
@@ -176,5 +184,7 @@ int main(int argc, char *argv[])
 fprintf(stderr, " %s remove-from <file>\n", argv[0]);
 fprintf(stderr, " %s flush [<pattern>]\n", argv[0]);
 fprintf(stderr, " %s list [<pattern>]\n", argv[0]);
+ fprintf(stderr, " %s enable\n", argv[0]);
+ fprintf(stderr, " %s disable\n", argv[0]);
 return 1;
 }
diff --git a/src/libcharon/plugins/whitelist/whitelist_control.c b/src/libcharon/plugins/whitelist/whitelist_control.c
index 053356576..4a1fc5d87 100644
--- a/src/libcharon/plugins/whitelist/whitelist_control.c
+++ b/src/libcharon/plugins/whitelist/whitelist_control.c
@@ -138,6 +138,12 @@ static void dispatch(private_whitelist_control_t *this,
 case WHITELIST_FLUSH:
 this->listener->flush(this->listener, id);
 break;
+ case WHITELIST_ENABLE:
+ this->listener->set_active(this->listener, TRUE);
+ break;
+ case WHITELIST_DISABLE:
+ this->listener->set_active(this->listener, FALSE);
+ break;
 default:
 DBG1(DBG_CFG, "received unknown whitelist command");
 break;
diff --git a/src/libcharon/plugins/whitelist/whitelist_listener.c b/src/libcharon/plugins/whitelist/whitelist_listener.c
index 66e9d80bd..a25e9058a 100644
--- a/src/libcharon/plugins/whitelist/whitelist_listener.c
+++ b/src/libcharon/plugins/whitelist/whitelist_listener.c
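Review bot: The new `WHITELIST_DISABLE` case in dispatch (whitelist_control.c, hunk at -138) makes the control socket an off switch for identity checking across the whole daemon, and the hunk adds nothing that documents or restricts who may send it. How the socket is created and which permissions it gets is outside this diff, so that should be confirmed before merging. I would add a comment above the case, `/* turns off whitelist enforcement for all peers; relies on control socket access being restricted */`. dispatch starts and ends outside the hunk.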
@@ -40,6 +40,11 @@ struct private_whitelist_listener_t {
 * Hashtable with whitelisted identities
 */
 hashtable_t *ids;
+
+ /**
+ * Whitelist checking enabled
+ */
+ bool enabled;
 };
 /**
@@ -63,7 +68,7 @@ METHOD(listener_t, authorize, bool,
 bool final, bool *success)
 {
 /* check each authentication round */
- if (!final)
+ if (this->enabled && !final)
 {
 bool whitelisted = FALSE;
 identification_t *id;
@@ -153,6 +158,13 @@ METHOD(whitelist_listener_t, flush, void,
 this->lock->unlock(this->lock);
 }
+METHOD(whitelist_listener_t, set_active, void,
+ private_whitelist_listener_t *this, bool enable)
+{
+ DBG1(DBG_CFG, "whitelist functionality %sabled", enable ? "en" : "dis");
+ this->enabled = enable;
+}
+
 METHOD(whitelist_listener_t, destroy, void,
 private_whitelist_listener_t *this)
 {
@@ -186,11 +198,14 @@ whitelist_listener_t *whitelist_listener_create()
 .remove = _remove_,
 .create_enumerator = _create_enumerator,
 .flush = _flush,
+ .set_active = _set_active,
 .destroy = _destroy,
 },
 .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
 .ids = hashtable_create((hashtable_hash_t)hash, (hashtable_equals_t)equals, 32),
+ .enabled = lib->settings->get_bool(lib->settings,
+ "charon.plugins.whitelist.enabled", TRUE),
 );
 return &this->public;
diff --git a/src/libcharon/plugins/whitelist/whitelist_listener.h b/src/libcharon/plugins/whitelist/whitelist_listener.h
index ed76d5f13..ac9475245 100644
--- a/src/libcharon/plugins/whitelist/whitelist_listener.h
+++ b/src/libcharon/plugins/whitelist/whitelist_listener.h
@@ -67,6 +67,13 @@ struct whitelist_listener_t {
 void (*flush)(whitelist_listener_t *this, identification_t *id);
 /**
+ * Enable/Disable whitelist checking.
+ *
+ * @param enable TRUE to enable, FALSE to disable
+ */
+ void (*set_active)(whitelist_listener_t *this, bool enable);
+
+ /**
 * Destroy a whitelist_listener_t.
 */
 void (*destroy)(whitelist_listener_t *this);
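Review bot: The comment kept above the changed condition in authorize (whitelist_listener.c, hunk at -63) still reads "check each authentication round", but with `this->enabled` FALSE the lookup is now skipped for every round. The remainder of authorize is outside the hunk; presumably the function then lets the peer through, which makes this a fail-open path that should be spelled out. Suggested wording: `/* check each authentication round, unless checking is disabled; a disabled whitelist accepts every identity */`.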
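Review bot: set_active (whitelist_listener.c, hunk at -153) writes `this->enabled` without taking `this->lock`, while authorize (hunk at -63) reads the flag, most likely from a different thread than the one serving the control socket. The `this->lock->unlock(this->lock);` at the end of flush shows that the neighbouring mutator holds the lock, so the new method is the odd one out and the unsynchronised read/write pair is a data race in C11 terms. Wrapping the assignment, `this->lock->write_lock(this->lock); this->enabled = enable; this->lock->unlock(this->lock);`, and reading the flag under the read lock in authorize would keep it consistent. Whether authorize already holds the lock at the point of the new test is not visible in this diff.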
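Review bot: `charon.plugins.whitelist.enabled` is read once in whitelist_listener_create (whitelist_listener.c, hunk at -186) and the runtime toggle is never written back, so a `whitelist enable` issued through the socket is lost on restart when the configuration says no. None of the five files in this diff documents the new key or that behaviour. A comment next to the initializer would help, e.g. `/* initial state only; enable/disable via the control socket is not persistent */`, together with an entry in the plugin's option documentation.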
diff --git a/src/libcharon/plugins/whitelist/whitelist_msg.h b/src/libcharon/plugins/whitelist/whitelist_msg.h
index 18b140f4b..91823b0b8 100644
--- a/src/libcharon/plugins/whitelist/whitelist_msg.h
+++ b/src/libcharon/plugins/whitelist/whitelist_msg.h
@@ -39,6 +39,10 @@ enum {
 WHITELIST_END = 4,
 /* flush identities matching id */
 WHITELIST_FLUSH = 5,
+ /* enable whitelist checking */
+ WHITELIST_ENABLE = 6,
+ /* disable whitelist checking */
+ WHITELIST_DISABLE = 7,
 };
 /** |