introduced xauth_identity keyword
parent
b8520ad50d
commit
8143f10914
|
@ -404,11 +404,11 @@ void delete_connection(connection_t *c, bool relations)
|
|||
cur_debugging = old_cur_debugging;
|
||||
#endif
|
||||
free(c->name);
|
||||
DESTROY_IF(c->xauth_identity);
|
||||
DESTROY_IF(c->spd.this.id);
|
||||
DESTROY_IF(c->spd.this.ca);
|
||||
DESTROY_IF(c->spd.this.groups);
|
||||
DESTROY_IF(c->spd.this.host_srcip);
|
||||
|
||||
free(c->spd.this.updown);
|
||||
free(c->spd.this.pool);
|
||||
DESTROY_IF(c->spd.that.id);
|
||||
|
@ -759,6 +759,10 @@ static size_t format_connection(char *buf, size_t buf_len,
|
|||
static void unshare_connection_strings(connection_t *c)
|
||||
{
|
||||
c->name = clone_str(c->name);
|
||||
if (c->xauth_identity)
|
||||
{
|
||||
c->xauth_identity = c->xauth_identity->clone(c->xauth_identity);
|
||||
}
|
||||
c->spd.this.id = c->spd.this.id->clone(c->spd.this.id);
|
||||
c->spd.this.pool = clone_str(c->spd.this.pool);
|
||||
c->spd.this.updown = clone_str(c->spd.this.updown);
|
||||
|
@ -1137,6 +1141,12 @@ void add_connection(const whack_message_t *wm)
|
|||
}
|
||||
}
|
||||
|
||||
if (wm->xauth_identity)
|
||||
{
|
||||
c->xauth_identity
|
||||
= identification_create_from_string(wm->xauth_identity);
|
||||
}
|
||||
|
||||
c->sa_ike_life_seconds = wm->sa_ike_life_seconds;
|
||||
c->sa_ipsec_life_seconds = wm->sa_ipsec_life_seconds;
|
||||
c->sa_rekey_margin = wm->sa_rekey_margin;
|
||||
|
|
|
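Review bot: In the add_connection hunk the result of `identification_create_from_string(wm->xauth_identity)` is assigned without being checked, so if that constructor can return NULL for an unparsable identity (it is defined outside this diff) the connection silently ends up without an XAUTH identity; the DESTROY_IF in delete_connection and the guarded clone in unshare_connection_strings both tolerate NULL, so the only gap is the missing diagnostic. Since the string arrives over the whack control socket, a parse failure is worth surfacing, e.g. `if (!c->xauth_identity) plog("  unparsable xauth_identity '%s' ignored", wm->xauth_identity);` immediately after the assignment, assuming plog is the logging helper this file already uses. add_connection, unshare_connection_strings and delete_connection all begin and end outside their hunks, so whether `c` is zero-initialized before this point cannot be confirmed from here.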
@ -183,6 +183,8 @@ struct connection {
|
|||
unsigned long sa_rekey_fuzz;
|
||||
unsigned long sa_keying_tries;
|
||||
|
||||
identification_t *xauth_identity; /* XAUTH identity */
|
||||
|
||||
/* RFC 3706 DPD */
|
||||
time_t dpd_delay;
|
||||
time_t dpd_timeout;
|
||||
|
|
|
@ -329,6 +329,7 @@ void whack_handle(int whackctlfd)
|
|||
|| !unpack_str(&msg.sc_data) /* string 26 */
|
||||
|| !unpack_str(&msg.whack_lease_ip) /* string 27 */
|
||||
|| !unpack_str(&msg.whack_lease_id) /* string 28 */
|
||||
|| !unpack_str(&msg.xauth_identity) /* string 29 */
|
||||
|| str_roof - next_str != (ptrdiff_t)msg.keyval.len) /* check chunk */
|
||||
{
|
||||
ugh = "message from whack contains bad string";
|
||||
|
|
|
@ -230,6 +230,7 @@ static const token_info_t token_info[] =
|
|||
{ ARG_TIME, offsetof(starter_conn_t, inactivity), NULL },
|
||||
{ ARG_MISC, 0, NULL /* KW_MODECONFIG */ },
|
||||
{ ARG_MISC, 0, NULL /* KW_XAUTH */ },
|
||||
{ ARG_STR, offsetof(starter_conn_t, xauth_identity), NULL },
|
||||
{ ARG_ENUM, offsetof(starter_conn_t, me_mediation), LST_bool },
|
||||
{ ARG_STR, offsetof(starter_conn_t, me_mediated_by), NULL },
|
||||
{ ARG_STR, offsetof(starter_conn_t, me_peerid), NULL },
|
||||
|
|
|
@ -110,6 +110,7 @@ struct starter_conn {
|
|||
u_int32_t eap_type;
|
||||
u_int32_t eap_vendor;
|
||||
char *eap_identity;
|
||||
char *xauth_identity;
|
||||
lset_t policy;
|
||||
time_t sa_ike_life_seconds;
|
||||
time_t sa_ipsec_life_seconds;
|
||||
|
|
|
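Review bot: The new `char *xauth_identity` member of starter_conn is filled by the ARG_STR handler, which in this file family allocates a copy of the config value, but the routine that frees a starter_conn_t is not part of this diff, so it is unclear whether the new string is released alongside `eap_identity`; please confirm, otherwise every config reload leaks one string per connection. A one-line comment on the field would also help later maintainers keep the three positional tables in sync: `char *xauth_identity; /* KW_XAUTH_IDENTITY; owned, freed with the conn */`. The token_info[] entry in args.c and the KW_XAUTH_IDENTITY enum value are positional, so the entry order in those two hunks must stay identical to the keywords.txt order.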
@ -93,6 +93,7 @@ typedef enum {
|
|||
KW_INACTIVITY,
|
||||
KW_MODECONFIG,
|
||||
KW_XAUTH,
|
||||
KW_XAUTH_IDENTITY,
|
||||
KW_MEDIATION,
|
||||
KW_MEDIATED_BY,
|
||||
KW_ME_PEERID,
|
||||
|
|
|
@ -84,6 +84,7 @@ dpdaction, KW_DPDACTION
|
|||
inactivity, KW_INACTIVITY
|
||||
modeconfig, KW_MODECONFIG
|
||||
xauth, KW_XAUTH
|
||||
xauth_identity, KW_XAUTH_IDENTITY
|
||||
mediation, KW_MEDIATION
|
||||
mediated_by, KW_MEDIATED_BY
|
||||
me_peerid, KW_ME_PEERID
|
||||
|
|
|
@ -93,6 +93,7 @@ static int send_whack_msg (whack_message_t *msg)
|
|||
|| !pack_str(&msg->sc_data, &str_next, &str_roof)
|
||||
|| !pack_str(&msg->whack_lease_ip, &str_next, &str_roof)
|
||||
|| !pack_str(&msg->whack_lease_id, &str_next, &str_roof)
|
||||
|| !pack_str(&msg->xauth_identity, &str_next, &str_roof)
|
||||
|| (str_roof - str_next < msg->keyval.len))
|
||||
{
|
||||
plog("send_wack_msg(): can't pack strings");
|
||||
|
@ -285,6 +286,7 @@ int starter_whack_add_conn(starter_conn_t *conn)
|
|||
msg.sa_rekey_fuzz = conn->sa_rekey_fuzz;
|
||||
msg.sa_keying_tries = conn->sa_keying_tries;
|
||||
msg.policy = conn->policy;
|
||||
msg.xauth_identity = conn->xauth_identity;
|
||||
|
||||
/*
|
||||
* Make sure the IKEv2-only policy bits are unset for IKEv1 connections
|
||||
|
|
|
@ -1804,6 +1804,7 @@ int main(int argc, char **argv)
|
|||
|| !pack_str(&msg.sc_data) /* string 26 */
|
||||
|| !pack_str(&msg.whack_lease_ip) /* string 27 */
|
||||
|| !pack_str(&msg.whack_lease_id) /* string 28 */
|
||||
|| !pack_str(&msg.xauth_identity) /* string 29 */
|
||||
|| str_roof - next_str < (ptrdiff_t)msg.keyval.len)
|
||||
diag("too many bytes of strings to fit in message to pluto");
|
||||
|
||||
|
|
|
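Review bot: Nothing in this hunk, nor elsewhere in the visible diff, assigns `msg.xauth_identity` in whack's main(), so `pack_str(&msg.xauth_identity)` serializes whatever main's initialization of `msg` left in the field; if no command-line option was added for it, the field must be reliably zeroed before packing, which I cannot confirm from here because main() begins and ends outside the hunk. The same ordering contract binds this hunk, send_whack_msg in starterwhack.c and whack_handle in rcv_whack.c: the new string is packed and unpacked as number 29 in all three, and the WHACK_MAGIC bump in whack.h is what protects a stale client/daemon pair from misparsing, so a comment at the pack site such as `/* string order must match rcv_whack.c; bump WHACK_MAGIC when it changes */` would make that dependency explicit.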
@ -48,7 +48,7 @@ typedef enum {
|
|||
*/
|
||||
|
||||
#define WHACK_BASIC_MAGIC (((((('w' << 8) + 'h') << 8) + 'k') << 8) + 24)
|
||||
#define WHACK_MAGIC (((((('w' << 8) + 'h') << 8) + 'k') << 8) + 26)
|
||||
#define WHACK_MAGIC (((((('w' << 8) + 'h') << 8) + 'k') << 8) + 29)
|
||||
|
||||
typedef struct whack_end whack_end_t;
|
||||
|
||||
|
@ -214,30 +214,40 @@ struct whack_message {
|
|||
int inbase, outbase;
|
||||
char *sc_data;
|
||||
|
||||
/* XAUTH user identity */
|
||||
char *xauth_identity;
|
||||
|
||||
/* space for strings (hope there is enough room):
|
||||
* Note that pointers don't travel on wire.
|
||||
* 1 connection name [name_len]
|
||||
* 2 left's name [left.host.name.len]
|
||||
* 1 connection name
|
||||
* 2 left's id
|
||||
* 3 left's cert
|
||||
* 4 left's ca
|
||||
* 5 left's groups
|
||||
* 6 left's updown
|
||||
* 7 right's name [left.host.name.len]
|
||||
* 8 right's cert
|
||||
* 9 right's ca
|
||||
* 10 right's groups
|
||||
* 11 right's updown
|
||||
* 12 keyid
|
||||
* 13 myid
|
||||
* 14 cacert
|
||||
* 15 ldaphost
|
||||
* 16 ldapbase
|
||||
* 17 crluri
|
||||
* 18 crluri2
|
||||
* 19 ocspuri
|
||||
* 20 ike
|
||||
" 21 esp
|
||||
* 22 rsa_data
|
||||
* 7 left's source ip
|
||||
* 8 left's virtual ip ranges
|
||||
* 9 right's id
|
||||
* 10 right's cert
|
||||
* 11 right's ca
|
||||
* 12 right's groups
|
||||
* 13 right's updown
|
||||
* 14 right's source ip
|
||||
* 15 right's virtual ip ranges
|
||||
* 16 keyid
|
||||
* 17 myid
|
||||
* 18 cacert
|
||||
* 19 ldaphost
|
||||
* 20 ldapbase
|
||||
* 21 crluri
|
||||
* 22 crluri2
|
||||
* 23 ocspuri
|
||||
* 24 ike
|
||||
* 25 esp
|
||||
* 26 smartcard data
|
||||
* 27 whack leases ip argument
|
||||
* 28 whack leases id argument
|
||||
* 29 xauth identity
|
||||
* plus keyval (limit: 8K bits + overhead), a chunk.
|
||||
*/
|
||||
size_t str_size;
|
||||
|
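Review bot: The new field comment `/* XAUTH user identity */` does not say that the pointer itself never travels on the wire and that the string is serialized as entry 29 of the trailing string area, which is the property the rest of the struct comment documents for every other string; suggest `/* XAUTH user identity (string 29, sent via pack_str) */`. The WHACK_MAGIC bump from 26 to 29 in the first hunk is the right move for a wire-format change, but a short note next to the define, `/* bump whenever the string list or struct layout changes */`, would record why the constant tracks the string count. The old string list being replaced also had a stray `"` in place of `*` on the esp line, which the rewritten list fixes.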
|