From 7823393926f17164f747c5f629658c02c8bc26b9 Mon Sep 17 00:00:00 2001 From: Thomas Egerer Date: Tue, 2 Feb 2016 17:01:50 +0100 Subject: [PATCH] ikev2: Use config value for sending of vendor IDs Signed-off-by: Thomas Egerer --- src/libcharon/sa/ikev2/tasks/ike_vendor.c | 56 +++++++++++++++++------ 1 file changed, 43 insertions(+), 13 deletions(-) diff --git a/src/libcharon/sa/ikev2/tasks/ike_vendor.c b/src/libcharon/sa/ikev2/tasks/ike_vendor.c index cb3c270dc..e85b276e8 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_vendor.c +++ b/src/libcharon/sa/ikev2/tasks/ike_vendor.c @@ -13,6 +13,29 @@ * for more details. */ +/* + * Copyright (C) 2016 secunet Security Networks AG + * Copyright (C) 2016 Thomas Egerer + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + #include "ike_vendor.h" #include @@ -49,6 +72,8 @@ typedef struct { char *desc; /* extension flag negotiated with vendor ID, if any */ ike_extension_t extension; + /* Value from strongswan.conf, whether to send vendor ID */ + char *setting; /* length of vendor ID string, 0 for NULL terminated */ int len; /* vendor ID string */ @@ -68,23 +93,23 @@ static chunk_t get_vid_data(vid_data_t *data) */ static vid_data_t vids[] = { /* strongSwan MD5("strongSwan") */ - { "strongSwan", EXT_STRONGSWAN, 16, + { "strongSwan", EXT_STRONGSWAN, "send_vendor_id", 16, "\x88\x2f\xe5\x6d\x6f\xd2\x0d\xbc\x22\x51\x61\x3b\x2e\xbe\x5b\xeb"}, - { "Cisco Delete Reason", 0, 0, + { "Cisco Delete Reason", 0, NULL, 0, "CISCO-DELETE-REASON" }, - { "Cisco Copyright (c) 2009", 0, 0, + { "Cisco Copyright (c) 2009", 0, NULL, 0, "CISCO(COPYRIGHT)&Copyright (c) 2009 Cisco Systems, Inc." }, - { "FRAGMENTATION", 0, 16, + { "FRAGMENTATION", 0, NULL, 16, "\x40\x48\xb7\xd5\x6e\xbc\xe8\x85\x25\xe7\xde\x7f\x00\xd6\xc2\xd3"}, - { "MS NT5 ISAKMPOAKLEY v7", 0, 20, + { "MS NT5 ISAKMPOAKLEY v7", 0, NULL, 20, "\x1e\x2b\x51\x69\x05\x99\x1c\x7d\x7c\x96\xfc\xbf\xb5\x87\xe4\x61\x00\x00\x00\x07"}, - { "MS NT5 ISAKMPOAKLEY v8", 0, 20, + { "MS NT5 ISAKMPOAKLEY v8", 0, NULL, 20, "\x1e\x2b\x51\x69\x05\x99\x1c\x7d\x7c\x96\xfc\xbf\xb5\x87\xe4\x61\x00\x00\x00\x08"}, - { "MS NT5 ISAKMPOAKLEY v9", 0, 20, + { "MS NT5 ISAKMPOAKLEY v9", 0, NULL, 20, "\x1e\x2b\x51\x69\x05\x99\x1c\x7d\x7c\x96\xfc\xbf\xb5\x87\xe4\x61\x00\x00\x00\x09"}, - { "MS-Negotiation Discovery Capable", 0, 16, + { "MS-Negotiation Discovery Capable", 0, NULL, 16, "\xfb\x1d\xe3\xcd\xf3\x41\xb7\xea\x16\xb7\xe5\xbe\x08\x55\xf1\x20"}, - { "Vid-Initial-Contact", 0, 16, + { "Vid-Initial-Contact", 0, NULL, 16, "\x26\x24\x4d\x38\xed\xdb\x61\xb3\x17\x2a\x36\xe3\xd0\xcf\xb8\x19"}, }; @@ -92,14 +117,19 @@ METHOD(task_t, build, status_t, private_ike_vendor_t *this, message_t *message) { vendor_id_payload_t *vid; - bool strongswan; + bool send_vid; int i; - strongswan = lib->settings->get_bool(lib->settings, - "%s.send_vendor_id", FALSE, lib->ns); for (i = 0; i < countof(vids); i++) { - if (vids[i].extension == EXT_STRONGSWAN && strongswan) + send_vid = FALSE; + + if (vids[i].setting) + { + send_vid = lib->settings->get_bool(lib->settings, "%s.%s", send_vid, + lib->ns, vids[i].setting); + } + if (send_vid) { DBG2(DBG_IKE, "sending %s vendor ID", vids[i].desc); vid = vendor_id_payload_create_data(PLV2_VENDOR_ID,