introduced xauth_identity keyword

This commit is contained in:
Andreas Steffen 2010-05-15 10:18:29 +02:00
parent b8520ad50d
commit 8143f10914
10 changed files with 50 additions and 20 deletions


@ -404,11 +404,11 @@ void delete_connection(connection_t *c, bool relations)
cur_debugging = old_cur_debugging;
#endif
free(c->name);
DESTROY_IF(c->xauth_identity);
DESTROY_IF(c->spd.this.id);
DESTROY_IF(c->spd.this.ca);
DESTROY_IF(c->spd.this.groups);
DESTROY_IF(c->spd.this.host_srcip);
free(c->spd.this.updown);
free(c->spd.this.pool);
DESTROY_IF(c->spd.that.id);
@ -759,6 +759,10 @@ static size_t format_connection(char *buf, size_t buf_len,
static void unshare_connection_strings(connection_t *c)
{
c->name = clone_str(c->name);
if (c->xauth_identity)
{
c->xauth_identity = c->xauth_identity->clone(c->xauth_identity);
}
c->spd.this.id = c->spd.this.id->clone(c->spd.this.id);
c->spd.this.pool = clone_str(c->spd.this.pool);
c->spd.this.updown = clone_str(c->spd.this.updown);
@ -1137,6 +1141,12 @@ void add_connection(const whack_message_t *wm)
}
}
if (wm->xauth_identity)
{
c->xauth_identity
= identification_create_from_string(wm->xauth_identity);
}
c->sa_ike_life_seconds = wm->sa_ike_life_seconds;
c->sa_ipsec_life_seconds = wm->sa_ipsec_life_seconds;
c->sa_rekey_margin = wm->sa_rekey_margin;
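Review bot: In add_connection the configured string is turned into a typed identity via `identification_create_from_string(wm->xauth_identity)` (L39-L40) with no visible validation of what type came back. If that parser applies the same rules it uses for IKE identities (an "@"-prefixed FQDN, an e-mail address, an IP address), then an XAUTH user name that merely looks like one of those would later be compared as that typed form rather than as a plain user name; that is worth confirming against the parser, or documenting the expected form of the keyword. Release in delete_connection via `DESTROY_IF(c->xauth_identity);` and the guarded clone in unshare_connection_strings are consistent with the other identification_t members, so a one-line comment at the create site stating when the field stays unset would complete the picture, e.g. `/* optional: left NULL unless xauth_identity= is configured */`. add_connection's body continues outside the hunk.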


@ -183,6 +183,8 @@ struct connection {
unsigned long sa_rekey_fuzz;
unsigned long sa_keying_tries;
identification_t *xauth_identity; /* XAUTH identity */
/* RFC 3706 DPD */
time_t dpd_delay;
time_t dpd_timeout;
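Review bot: The new member's comment `/* XAUTH identity */` says nothing about ownership or whether it may be unset, although this commit's connections.c hunks show it being destroyed in delete_connection and cloned under a NULL check in unshare_connection_strings. Suggest `identification_t *xauth_identity; /* XAUTH user identity, NULL if not configured; owned by the connection */` so the next maintainer does not have to read the .c file to learn that. The struct connection definition extends beyond the hunk.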


@ -329,6 +329,7 @@ void whack_handle(int whackctlfd)
|| !unpack_str(&msg.sc_data) /* string 26 */
|| !unpack_str(&msg.whack_lease_ip) /* string 27 */
|| !unpack_str(&msg.whack_lease_id) /* string 28 */
|| !unpack_str(&msg.xauth_identity) /* string 29 */
|| str_roof - next_str != (ptrdiff_t)msg.keyval.len) /* check chunk */
{
ugh = "message from whack contains bad string";


@ -230,6 +230,7 @@ static const token_info_t token_info[] =
{ ARG_TIME, offsetof(starter_conn_t, inactivity), NULL },
{ ARG_MISC, 0, NULL /* KW_MODECONFIG */ },
{ ARG_MISC, 0, NULL /* KW_XAUTH */ },
{ ARG_STR, offsetof(starter_conn_t, xauth_identity), NULL },
{ ARG_ENUM, offsetof(starter_conn_t, me_mediation), LST_bool },
{ ARG_STR, offsetof(starter_conn_t, me_mediated_by), NULL },
{ ARG_STR, offsetof(starter_conn_t, me_peerid), NULL },
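Review bot: The token_info row added for xauth_identity depends on the table being indexed in kw_token_t enum order, where this commit inserts KW_XAUTH_IDENTITY directly after KW_XAUTH in the keywords header; nothing visible in this hunk checks that the two stay aligned. The neighbouring ARG_MISC rows name their token in a trailing comment, and the new row would be easier to audit with the same, `{ ARG_STR, offsetof(starter_conn_t, xauth_identity), NULL /* KW_XAUTH_IDENTITY */ },`. If both the table length and the enum count are reachable from this file, a compile-time check that they match would catch a future mis-ordered insertion; I cannot tell from the hunk whether one already exists. The table definition starts before the hunk.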


@ -110,6 +110,7 @@ struct starter_conn {
u_int32_t eap_type;
u_int32_t eap_vendor;
char *eap_identity;
char *xauth_identity;
lset_t policy;
time_t sa_ike_life_seconds;
time_t sa_ipsec_life_seconds;


@ -93,6 +93,7 @@ typedef enum {
KW_INACTIVITY,
KW_MODECONFIG,
KW_XAUTH,
KW_XAUTH_IDENTITY,
KW_MEDIATION,
KW_MEDIATED_BY,
KW_ME_PEERID,


@ -84,6 +84,7 @@ dpdaction, KW_DPDACTION
inactivity, KW_INACTIVITY
modeconfig, KW_MODECONFIG
xauth, KW_XAUTH
xauth_identity, KW_XAUTH_IDENTITY
mediation, KW_MEDIATION
mediated_by, KW_MEDIATED_BY
me_peerid, KW_ME_PEERID


@ -93,6 +93,7 @@ static int send_whack_msg (whack_message_t *msg)
|| !pack_str(&msg->sc_data, &str_next, &str_roof)
|| !pack_str(&msg->whack_lease_ip, &str_next, &str_roof)
|| !pack_str(&msg->whack_lease_id, &str_next, &str_roof)
|| !pack_str(&msg->xauth_identity, &str_next, &str_roof)
|| (str_roof - str_next < msg->keyval.len))
{
plog("send_wack_msg(): can't pack strings");
@ -285,6 +286,7 @@ int starter_whack_add_conn(starter_conn_t *conn)
msg.sa_rekey_fuzz = conn->sa_rekey_fuzz;
msg.sa_keying_tries = conn->sa_keying_tries;
msg.policy = conn->policy;
msg.xauth_identity = conn->xauth_identity;
/*
* Make sure the IKEv2-only policy bits are unset for IKEv1 connections


@ -1804,6 +1804,7 @@ int main(int argc, char **argv)
|| !pack_str(&msg.sc_data) /* string 26 */
|| !pack_str(&msg.whack_lease_ip) /* string 27 */
|| !pack_str(&msg.whack_lease_id) /* string 28 */
|| !pack_str(&msg.xauth_identity) /* string 29 */
|| str_roof - next_str < (ptrdiff_t)msg.keyval.len)
diag("too many bytes of strings to fit in message to pluto");


@ -48,7 +48,7 @@ typedef enum {
*/
#define WHACK_BASIC_MAGIC (((((('w' << 8) + 'h') << 8) + 'k') << 8) + 24)
#define WHACK_MAGIC (((((('w' << 8) + 'h') << 8) + 'k') << 8) + 26)
#define WHACK_MAGIC (((((('w' << 8) + 'h') << 8) + 'k') << 8) + 29)
typedef struct whack_end whack_end_t;
@ -214,30 +214,40 @@ struct whack_message {
int inbase, outbase;
char *sc_data;
/* XAUTH user identity */
char *xauth_identity;
/* space for strings (hope there is enough room):
* Note that pointers don't travel on wire.
* 1 connection name [name_len]
* 2 left's name [left.host.name.len]
* 1 connection name
* 2 left's id
* 3 left's cert
* 4 left's ca
* 5 left's groups
* 6 left's updown
* 7 right's name [left.host.name.len]
* 8 right's cert
* 9 right's ca
* 10 right's groups
* 11 right's updown
* 12 keyid
* 13 myid
* 14 cacert
* 15 ldaphost
* 16 ldapbase
* 17 crluri
* 18 crluri2
* 19 ocspuri
* 20 ike
" 21 esp
* 22 rsa_data
* 7 left's source ip
* 8 left's virtual ip ranges
* 9 right's id
* 10 right's cert
* 11 right's ca
* 12 right's groups
* 13 right's updown
* 14 right's source ip
* 15 right's virtual ip ranges
* 16 keyid
* 17 myid
* 18 cacert
* 19 ldaphost
* 20 ldapbase
* 21 crluri
* 22 crluri2
* 23 ocspuri
* 24 ike
* 25 esp
* 26 smartcard data
* 27 whack leases ip argument
* 28 whack leases id argument
* 29 xauth identity
* plus keyval (limit: 8K bits + overhead), a chunk.
*/
size_t str_size;
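Review bot: The WHACK_MAGIC bump from 26 to 29 (L144-L145) is the right move, since rcv_whack.c now unpacks string 29 unconditionally and a whack client built against the old layout would otherwise be parsed with misaligned strings, but the define carries no comment telling the next contributor that it must change with the wire layout; suggest `/* bump whenever the wire layout below (fields or packed string list) changes */` above it. The field comment `/* XAUTH user identity */` would be more useful as `/* XAUTH user identity (packed as string 29), NULL when not configured */` so the member and the numbered list can be cross-checked; whether an empty string arrives as NULL presumably depends on unpack_str, which is not visible here. The struct whack_message definition continues beyond the hunk.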