Prefer EAP-Identity for provider attribute/address lookup
This commit is contained in:
Martin Willi
parent
f6116e61fc
commit
5b4d0de7d4
|
|
@ -298,6 +298,38 @@ static status_t process_r(private_ike_config_t *this, message_t *message)
|
|||
return NEED_MORE;
|
||||
}
|
||||
|
||||
/**
|
||||
* Find a peer (EAP) identity to query provider for attributes
|
||||
*/
|
||||
static identification_t *get_peer_identity(private_ike_config_t *this)
|
||||
{
|
||||
identification_t *id = NULL, *current;
|
||||
enumerator_t *enumerator;
|
||||
auth_cfg_t *cfg;
|
||||
|
||||
enumerator = this->ike_sa->create_auth_cfg_enumerator(this->ike_sa, FALSE);
|
||||
while (enumerator->enumerate(enumerator, &cfg))
|
||||
{
|
||||
/* prefer EAP-Identity of last round */
|
||||
current = cfg->get(cfg, AUTH_RULE_EAP_IDENTITY);
|
||||
if (!current || current->get_type(current) == ID_ANY)
|
||||
{
|
||||
current = cfg->get(cfg, AUTH_RULE_IDENTITY);
|
||||
}
|
||||
if (current && current->get_type(current) != ID_ANY)
|
||||
{
|
||||
id = current;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
if (!id)
|
||||
{ /* fallback, should not happen */
|
||||
id = this->ike_sa->get_other_id(this->ike_sa);
|
||||
}
|
||||
return id;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of task_t.build for responder
|
||||
*/
|
||||
|
|
@ -311,6 +343,9 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
|
|||
host_t *vip = NULL;
|
||||
cp_payload_t *cp = NULL;
|
||||
peer_cfg_t *config;
|
||||
identification_t *id;
|
||||
|
||||
id = get_peer_identity(this);
|
||||
|
||||
config = this->ike_sa->get_peer_cfg(this->ike_sa);
|
||||
if (config && this->virtual_ip)
|
||||
|
|
@ -319,9 +354,7 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
|
|||
if (config->get_pool(config))
|
||||
{
|
||||
vip = lib->attributes->acquire_address(lib->attributes,
|
||||
config->get_pool(config),
|
||||
this->ike_sa->get_other_id(this->ike_sa),
|
||||
this->virtual_ip);
|
||||
config->get_pool(config), id, this->virtual_ip);
|
||||
}
|
||||
if (vip == NULL)
|
||||
{
|
||||
|
|
@ -340,7 +373,7 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
|
|||
|
||||
/* query registered providers for additional attributes to include */
|
||||
enumerator = lib->attributes->create_responder_enumerator(
|
||||
lib->attributes, this->ike_sa->get_other_id(this->ike_sa), vip);
|
||||
lib->attributes, id, vip);
|
||||
while (enumerator->enumerate(enumerator, &type, &value))
|
||||
{
|
||||
if (!cp)
|
||||
|
|
|
|||
Loading…
Reference in New Issue