1 files changed, 26 insertions, 1 deletions

diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index 12f75b240..fd2cee607 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -23,11 +23,12 @@
 #include <eap/eap.h>
 #include <credentials/certificates/certificate.h>
 
-ENUM(auth_class_names, AUTH_CLASS_ANY, AUTH_CLASS_EAP,
+ENUM(auth_class_names, AUTH_CLASS_ANY, AUTH_CLASS_XAUTH,
 	"any",
 	"public key",
 	"pre-shared key",
 	"EAP",
+	"XAuth",
 );
 
 ENUM(auth_rule_names, AUTH_RULE_IDENTITY, AUTH_HELPER_REVOCATION_CERT,
@@ -37,6 +38,8 @@ ENUM(auth_rule_names, AUTH_RULE_IDENTITY, AUTH_HELPER_REVOCATION_CERT,
 	"RULE_EAP_IDENTITY",
 	"RULE_EAP_TYPE",
 	"RULE_EAP_VENDOR",
+	"RULE_XAUTH_BACKEND",
+	"RULE_XAUTH_IDENTITY",
 	"RULE_CA_CERT",
 	"RULE_IM_CERT",
 	"RULE_SUBJECT_CERT",
@@ -68,6 +71,8 @@ static inline bool is_multi_value_rule(auth_rule_t type)
 		case AUTH_RULE_IDENTITY:
 		case AUTH_RULE_EAP_IDENTITY:
 		case AUTH_RULE_AAA_IDENTITY:
+		case AUTH_RULE_XAUTH_IDENTITY:
+		case AUTH_RULE_XAUTH_BACKEND:
 		case AUTH_RULE_SUBJECT_CERT:
 		case AUTH_HELPER_SUBJECT_CERT:
 		case AUTH_HELPER_SUBJECT_HASH_URL:
@@ -203,6 +208,8 @@ static entry_t *entry_create(auth_rule_t type, va_list args)
 		case AUTH_RULE_IDENTITY:
 		case AUTH_RULE_EAP_IDENTITY:
 		case AUTH_RULE_AAA_IDENTITY:
+		case AUTH_RULE_XAUTH_BACKEND:
+		case AUTH_RULE_XAUTH_IDENTITY:
 		case AUTH_RULE_GROUP:
 		case AUTH_RULE_CA_CERT:
 		case AUTH_RULE_IM_CERT:
@@ -261,6 +268,7 @@ static bool entry_equals(entry_t *e1, entry_t *e2)
 		case AUTH_RULE_IDENTITY:
 		case AUTH_RULE_EAP_IDENTITY:
 		case AUTH_RULE_AAA_IDENTITY:
+		case AUTH_RULE_XAUTH_IDENTITY:
 		case AUTH_RULE_GROUP:
 		{
 			identification_t *id1, *id2;
@@ -271,6 +279,7 @@ static bool entry_equals(entry_t *e1, entry_t *e2)
 			return id1->equals(id1, id2);
 		}
 		case AUTH_RULE_CERT_POLICY:
+		case AUTH_RULE_XAUTH_BACKEND:
 		case AUTH_HELPER_IM_HASH_URL:
 		case AUTH_HELPER_SUBJECT_HASH_URL:
 		{
@@ -293,6 +302,7 @@ static void destroy_entry_value(entry_t *entry)
 		case AUTH_RULE_EAP_IDENTITY:
 		case AUTH_RULE_AAA_IDENTITY:
 		case AUTH_RULE_GROUP:
+		case AUTH_RULE_XAUTH_IDENTITY:
 		{
 			identification_t *id = (identification_t*)entry->value;
 			id->destroy(id);
@@ -310,6 +320,7 @@ static void destroy_entry_value(entry_t *entry)
 			break;
 		}
 		case AUTH_RULE_CERT_POLICY:
+		case AUTH_RULE_XAUTH_BACKEND:
 		case AUTH_HELPER_IM_HASH_URL:
 		case AUTH_HELPER_SUBJECT_HASH_URL:
 		{
@@ -358,6 +369,8 @@ static void replace(private_auth_cfg_t *this, entry_enumerator_t *enumerator,
 			case AUTH_RULE_IDENTITY:
 			case AUTH_RULE_EAP_IDENTITY:
 			case AUTH_RULE_AAA_IDENTITY:
+			case AUTH_RULE_XAUTH_BACKEND:
+			case AUTH_RULE_XAUTH_IDENTITY:
 			case AUTH_RULE_GROUP:
 			case AUTH_RULE_CA_CERT:
 			case AUTH_RULE_IM_CERT:
@@ -429,6 +442,8 @@ METHOD(auth_cfg_t, get, void*,
 		case AUTH_RULE_IDENTITY:
 		case AUTH_RULE_EAP_IDENTITY:
 		case AUTH_RULE_AAA_IDENTITY:
+		case AUTH_RULE_XAUTH_BACKEND:
+		case AUTH_RULE_XAUTH_IDENTITY:
 		case AUTH_RULE_GROUP:
 		case AUTH_RULE_CA_CERT:
 		case AUTH_RULE_IM_CERT:
@@ -571,6 +586,7 @@ METHOD(auth_cfg_t, complies, bool,
 			case AUTH_RULE_IDENTITY:
 			case AUTH_RULE_EAP_IDENTITY:
 			case AUTH_RULE_AAA_IDENTITY:
+			case AUTH_RULE_XAUTH_IDENTITY:
 			{
 				identification_t *id1, *id2;
 
@@ -668,6 +684,7 @@ METHOD(auth_cfg_t, complies, bool,
 									 "public keys, but %d bit key used",
 									 (uintptr_t)value, strength);
 							}
+							break;
 						}
 					}
 					else if (t2 == AUTH_RULE_RSA_STRENGTH)
@@ -678,6 +695,7 @@ METHOD(auth_cfg_t, complies, bool,
 							DBG1(DBG_CFG, "constraint requires %d bit ECDSA, "
 								 "but RSA used", (uintptr_t)value);
 						}
+						break;
 					}
 					else if (t2 == AUTH_RULE_ECDSA_STRENGTH)
 					{
@@ -687,6 +705,7 @@ METHOD(auth_cfg_t, complies, bool,
 							DBG1(DBG_CFG, "constraint requires %d bit RSA, "
 								 "but ECDSA used", (uintptr_t)value);
 						}
+						break;
 					}
 				}
 				e2->destroy(e2);
@@ -714,6 +733,8 @@ METHOD(auth_cfg_t, complies, bool,
 				}
 				break;
 			}
+			case AUTH_RULE_XAUTH_BACKEND:
+				/* not enforced, just a hint for local authentication */
 			case AUTH_HELPER_IM_CERT:
 			case AUTH_HELPER_SUBJECT_CERT:
 			case AUTH_HELPER_IM_HASH_URL:
@@ -789,12 +810,14 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
 				case AUTH_RULE_EAP_IDENTITY:
 				case AUTH_RULE_AAA_IDENTITY:
 				case AUTH_RULE_GROUP:
+				case AUTH_RULE_XAUTH_IDENTITY:
 				{
 					identification_t *id = (identification_t*)value;
 
 					add(this, type, id->clone(id));
 					break;
 				}
+				case AUTH_RULE_XAUTH_BACKEND:
 				case AUTH_RULE_CERT_POLICY:
 				case AUTH_HELPER_IM_HASH_URL:
 				case AUTH_HELPER_SUBJECT_HASH_URL:
@@ -904,6 +927,7 @@ METHOD(auth_cfg_t, clone_, auth_cfg_t*,
 			case AUTH_RULE_EAP_IDENTITY:
 			case AUTH_RULE_AAA_IDENTITY:
 			case AUTH_RULE_GROUP:
+			case AUTH_RULE_XAUTH_IDENTITY:
 			{
 				identification_t *id = (identification_t*)entry->value;
 				clone->add(clone, entry->type, id->clone(id));
@@ -920,6 +944,7 @@ METHOD(auth_cfg_t, clone_, auth_cfg_t*,
 				clone->add(clone, entry->type, cert->get_ref(cert));
 				break;
 			}
+			case AUTH_RULE_XAUTH_BACKEND:
 			case AUTH_RULE_CERT_POLICY:
 			case AUTH_HELPER_IM_HASH_URL:
 			case AUTH_HELPER_SUBJECT_HASH_URL: