-rw-r--r-- | src/charon/sa/tasks/ike_config.c | 41 |
1 files changed, 37 insertions, 4 deletions
diff --git a/src/charon/sa/tasks/ike_config.c b/src/charon/sa/tasks/ike_config.c
index a42a1c68f..b1c133a4e 100644
--- a/src/charon/sa/tasks/ike_config.c
+++ b/src/charon/sa/tasks/ike_config.c
@@ -299,6 +299,38 @@ static status_t process_r(private_ike_config_t *this, message_t *message)
 }
 
 /**
+ * Find a peer (EAP) identity to query provider for attributes
+ */
+static identification_t *get_peer_identity(private_ike_config_t *this)
+{
+ identification_t *id = NULL, *current;
+ enumerator_t *enumerator;
+ auth_cfg_t *cfg;
+
+ enumerator = this->ike_sa->create_auth_cfg_enumerator(this->ike_sa, FALSE);
+ while (enumerator->enumerate(enumerator, &cfg))
+ {
+ /* prefer EAP-Identity of last round */
+ current = cfg->get(cfg, AUTH_RULE_EAP_IDENTITY);
+ if (!current || current->get_type(current) == ID_ANY)
+ {
+ current = cfg->get(cfg, AUTH_RULE_IDENTITY);
+ }
+ if (current && current->get_type(current) != ID_ANY)
+ {
+ id = current;
+ continue;
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (!id)
+ { /* fallback, should not happen */
+ id = this->ike_sa->get_other_id(this->ike_sa);
+ }
+ return id;
+}
+
+/**
  * Implementation of task_t.build for responder
  */
 static status_t build_r(private_ike_config_t *this, message_t *message)
@@ -311,6 +343,9 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
 host_t *vip = NULL;
 cp_payload_t *cp = NULL;
 peer_cfg_t *config;
+ identification_t *id;
+
+ id = get_peer_identity(this);
 
 config = this->ike_sa->get_peer_cfg(this->ike_sa);
 if (config && this->virtual_ip)
@@ -319,9 +354,7 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
 if (config->get_pool(config))
 {
 vip = lib->attributes->acquire_address(lib->attributes,
- config->get_pool(config),
- this->ike_sa->get_other_id(this->ike_sa),
- this->virtual_ip);
+ config->get_pool(config), id, this->virtual_ip);
 }
 if (vip == NULL)
 {
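Review bot: get_peer_identity() returns a pointer borrowed from an auth_cfg_t without cloning it, and its new header comment says neither that nor that the result is only meaningful once the remote peer's authentication rounds have completed (before that the loop finds nothing and the "should not happen" fallback to get_other_id() silently takes over); suggest extending the comment with `Returns a borrowed identification_t owned by the IKE_SA's auth config (not cloned); only meaningful after the remote auth rounds have run, otherwise falls back to get_other_id()`. The loop overwrites `id` on every round so the last enumerated round wins, which matches the "prefer EAP-Identity of last round" comment, but the `continue;` at the end of the loop body is a no-op and can be dropped. In the later hunks acquire_address() and create_responder_enumerator() are now keyed on this identity instead of get_other_id(), so a peer whose EAP identity differs from its IKE identity is matched against a different pool lease and provider state; that looks intended, but is worth stating in the comment since it changes which identity governs address assignment. I am assuming the FALSE argument to create_auth_cfg_enumerator() selects the remote side's configs rather than the local ones; please confirm.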
@@ -340,7 +373,7 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
 /* query registered providers for additional attributes to include */
 enumerator = lib->attributes->create_responder_enumerator(
- lib->attributes, this->ike_sa->get_other_id(this->ike_sa), vip);
+ lib->attributes, id, vip);
 while (enumerator->enumerate(enumerator, &type, &value))
 {
 if (!cp)