Diffstat (limited to 'src/starter')
-rw-r--r-- | src/starter/confread.c | 4 | ||||
-rw-r--r-- | src/starter/starterstroke.c | 29 |
2 files changed, 19 insertions, 14 deletions
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 1e7daa6a9..5c9478791 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -609,7 +609,7 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
 case KW_AUTHBY:
 conn->policy &= ~(POLICY_ID_AUTH_MASK | POLICY_ENCRYPT);
- if (!(streq(kw->value, "never") || streq(kw->value, "eap")))
+ if (!streq(kw->value, "never"))
 {
 char *value = kw->value;
 char *second = strchr(kw->value, '|');
@@ -636,7 +636,7 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
 {
 conn->policy |= POLICY_XAUTH_RSASIG | POLICY_ENCRYPT;
 }
- else if (streq(value, "xauthpsk"))
+ else if (streq(value, "xauthpsk") || streq(value, "eap"))
 {
 conn->policy |= POLICY_XAUTH_PSK | POLICY_ENCRYPT;
 }
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index cfb9bc6fa..6ead95c8b 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -24,6 +24,8 @@
 #include <netinet/in.h>
 #include <arpa/inet.h>
+#include <credentials/auth_cfg.h>
+
 #include <freeswan.h>
 #include <constants.h>
@@ -39,15 +41,6 @@
 #define IPV4_LEN 4
 #define IPV6_LEN 16
-/**
- * Authentication methods, must be the same as in charons authenticator.h
- */
-enum auth_method_t {
- AUTH_PUBKEY = 1,
- AUTH_PSK = 2,
- AUTH_EAP = 3
-};
-
 static char* push_string(stroke_msg_t *msg, char *string)
 {
 unsigned long string_start = msg->length;
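Review bot: In the second load_conn hunk, `authby=eap` now sets exactly the same bits as `authby=xauthpsk` (`POLICY_XAUTH_PSK | POLICY_ENCRYPT`), so nothing that reads conn->policy afterwards can tell the two settings apart; the first hunk is what lets `eap` into this parsing block at all. Any other consumer of the policy word that reads POLICY_XAUTH_PSK as "XAUTH with a pre-shared key" would presumably apply that to an EAP connection too, which is not visible in this diff and is worth confirming. At minimum I would document the aliasing on the branch, `/* "eap" reuses POLICY_XAUTH_PSK; starter_stroke_add_conn() sends this bit as AUTH_CLASS_EAP */`, or give EAP a policy bit of its own. load_conn starts and ends outside both hunks.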
@@ -202,15 +195,19 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
 /* PUBKEY is preferred to PSK and EAP */
 if (conn->policy & POLICY_PUBKEY)
 {
- msg.add_conn.auth_method = AUTH_PUBKEY;
+ msg.add_conn.auth_method = AUTH_CLASS_PUBKEY;
 }
 else if (conn->policy & POLICY_PSK)
 {
- msg.add_conn.auth_method = AUTH_PSK;
+ msg.add_conn.auth_method = AUTH_CLASS_PSK;
+ }
+ else if (conn->policy & POLICY_XAUTH_PSK)
+ {
+ msg.add_conn.auth_method = AUTH_CLASS_EAP;
 }
 else
 {
- msg.add_conn.auth_method = AUTH_EAP;
+ msg.add_conn.auth_method = AUTH_CLASS_ANY;
 }
 msg.add_conn.eap_type = conn->eap_type;
 msg.add_conn.eap_vendor = conn->eap_vendor;
@@ -230,6 +227,14 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
 msg.add_conn.mode = MODE_TRANSPORT;
 msg.add_conn.proxy_mode = TRUE;
 }
+ else if (conn->policy & POLICY_SHUNT_PASS)
+ {
+ msg.add_conn.mode = MODE_PASS;
+ }
+ else if (conn->policy & (POLICY_SHUNT_DROP | POLICY_SHUNT_REJECT))
+ {
+ msg.add_conn.mode = MODE_DROP;
+ }
 else
 {
 msg.add_conn.mode = MODE_TRANSPORT; |
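Review bot: The final `else` of the auth_method chain now sends AUTH_CLASS_ANY for every connection that has none of POLICY_PUBKEY, POLICY_PSK or POLICY_XAUTH_PSK set, where it used to send AUTH_EAP. Going by the confread.c part of this commit, `authby=never` leaves all auth bits cleared and `xauthrsasig` sets only POLICY_XAUTH_RSASIG, so both appear to land in this branch; if the receiver reads AUTH_CLASS_ANY as "no constraint on the authentication class", those connections are accepted more loosely than configured. Please confirm that is intended and say so in the branch, for example `/* no PUBKEY/PSK/XAUTH_PSK bit (e.g. authby=never, xauthrsasig): no auth class constraint is sent */`. The comment above the chain, `/* PUBKEY is preferred to PSK and EAP */`, should also mention that `authby=xauthpsk` is now sent as AUTH_CLASS_EAP. The function starts and ends outside the hunk.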
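Review bot: The new `else if (conn->policy & POLICY_SHUNT_PASS)` is a plain bit test, and it runs before the drop/reject test. If constants.h encodes the shunt type as a multi-bit field in which POLICY_SHUNT_REJECT shares a bit with POLICY_SHUNT_PASS (the values are not visible in this diff, please confirm), a connection configured to reject traffic would match the first branch and be installed as MODE_PASS, which fails open. Comparing under the field mask avoids that: `else if ((conn->policy & POLICY_SHUNT_MASK) == POLICY_SHUNT_PASS)`, with the drop/reject branch written the same way. REJECT is also folded into MODE_DROP without a comment saying the distinction is dropped on purpose. The if/else chain starts before the hunk and its last branch ends after it.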