ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

updated medcli/medsrv plugins to use new auth_cfg API, fixes compilation

This commit is contained in:
Martin Willi 2009-06-04 14:00:01 +02:00
parent ec0b9ac97c
commit b00fbdb55a
2 changed files with 48 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
src/charon/plugins/medcli/medcli_config.c
View File

@ -95,6 +95,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
{ {
enumerator_t *e; enumerator_t *e;
peer_cfg_t *peer_cfg, *med_cfg; peer_cfg_t *peer_cfg, *med_cfg;
auth_cfg_t *auth;
ike_cfg_t *ike_cfg; ike_cfg_t *ike_cfg;
child_cfg_t *child_cfg; child_cfg_t *child_cfg;
chunk_t me, other; chunk_t me, other;
@ -116,8 +117,6 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
med_cfg = peer_cfg_create( med_cfg = peer_cfg_create(
"mediation", 2, ike_cfg, "mediation", 2, ike_cfg,
identification_create_from_encoding(ID_KEY_ID, me),
identification_create_from_encoding(ID_KEY_ID, other),
CERT_NEVER_SEND, UNIQUE_REPLACE, CERT_NEVER_SEND, UNIQUE_REPLACE,
1, this->rekey*60, 0, /* keytries, rekey, reauth */ 1, this->rekey*60, 0, /* keytries, rekey, reauth */
this->rekey*5, this->rekey*3, /* jitter, overtime */ this->rekey*5, this->rekey*3, /* jitter, overtime */
@ -126,6 +125,17 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
TRUE, NULL, NULL); /* mediation, med by, peer id */ TRUE, NULL, NULL); /* mediation, med by, peer id */
e->destroy(e); e->destroy(e);
auth = auth_cfg_create();
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
auth->add(auth, AUTH_RULE_IDENTITY,
identification_create_from_encoding(ID_KEY_ID, me));
med_cfg->add_auth_cfg(med_cfg, auth, TRUE);
auth = auth_cfg_create();
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
auth->add(auth, AUTH_RULE_IDENTITY,
identification_create_from_encoding(ID_KEY_ID, other));
med_cfg->add_auth_cfg(med_cfg, auth, FALSE);
/* query mediated config: /* query mediated config:
* - use any-any ike_cfg * - use any-any ike_cfg
* - build peer_cfg on-the-fly using med_cfg * - build peer_cfg on-the-fly using med_cfg
@ -144,8 +154,6 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
} }
peer_cfg = peer_cfg_create( peer_cfg = peer_cfg_create(
name, 2, this->ike->get_ref(this->ike), name, 2, this->ike->get_ref(this->ike),
identification_create_from_encoding(ID_KEY_ID, me),
identification_create_from_encoding(ID_KEY_ID, other),
CERT_NEVER_SEND, UNIQUE_REPLACE, CERT_NEVER_SEND, UNIQUE_REPLACE,
1, this->rekey*60, 0, /* keytries, rekey, reauth */ 1, this->rekey*60, 0, /* keytries, rekey, reauth */
this->rekey*5, this->rekey*3, /* jitter, overtime */ this->rekey*5, this->rekey*3, /* jitter, overtime */
@ -154,6 +162,17 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
FALSE, med_cfg, /* mediation, med by */ FALSE, med_cfg, /* mediation, med by */
identification_create_from_encoding(ID_KEY_ID, other)); identification_create_from_encoding(ID_KEY_ID, other));
auth = auth_cfg_create();
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
auth->add(auth, AUTH_RULE_IDENTITY,
identification_create_from_encoding(ID_KEY_ID, me));
peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
auth = auth_cfg_create();
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
auth->add(auth, AUTH_RULE_IDENTITY,
identification_create_from_encoding(ID_KEY_ID, other));
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
child_cfg = child_cfg_create(name, this->rekey*60 + this->rekey, child_cfg = child_cfg_create(name, this->rekey*60 + this->rekey,
this->rekey*60, this->rekey, NULL, TRUE, this->rekey*60, this->rekey, NULL, TRUE,
MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE); MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
@ -197,6 +216,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
char *name, *local_net, *remote_net; char *name, *local_net, *remote_net;
chunk_t me, other; chunk_t me, other;
child_cfg_t *child_cfg; child_cfg_t *child_cfg;
auth_cfg_t *auth;
DESTROY_IF(this->current); DESTROY_IF(this->current);
if (!this->inner->enumerate(this->inner, &name, &me, &other, if (!this->inner->enumerate(this->inner, &name, &me, &other,
@ -207,14 +227,24 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
} }
this->current = peer_cfg_create( this->current = peer_cfg_create(
name, 2, this->ike->get_ref(this->ike), name, 2, this->ike->get_ref(this->ike),
identification_create_from_encoding(ID_KEY_ID, me),
identification_create_from_encoding(ID_KEY_ID, other),
CERT_NEVER_SEND, UNIQUE_REPLACE, CERT_NEVER_SEND, UNIQUE_REPLACE,
1, this->rekey*60, 0, /* keytries, rekey, reauth */ 1, this->rekey*60, 0, /* keytries, rekey, reauth */
this->rekey*5, this->rekey*3, /* jitter, overtime */ this->rekey*5, this->rekey*3, /* jitter, overtime */
TRUE, this->dpd, /* mobike, dpddelay */ TRUE, this->dpd, /* mobike, dpddelay */
NULL, NULL, /* vip, pool */ NULL, NULL, /* vip, pool */
FALSE, NULL, NULL); /* mediation, med by, peer id */ FALSE, NULL, NULL); /* mediation, med by, peer id */
auth = auth_cfg_create();
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
auth->add(auth, AUTH_RULE_IDENTITY,
identification_create_from_encoding(ID_KEY_ID, me));
this->current->add_auth_cfg(this->current, auth, TRUE);
auth = auth_cfg_create();
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
auth->add(auth, AUTH_RULE_IDENTITY,
identification_create_from_encoding(ID_KEY_ID, other));
this->current->add_auth_cfg(this->current, auth, FALSE);
child_cfg = child_cfg_create( child_cfg = child_cfg_create(
name, this->rekey*60 + this->rekey, name, this->rekey*60 + this->rekey,
this->rekey*60, this->rekey, NULL, TRUE, this->rekey*60, this->rekey, NULL, TRUE,

12
src/charon/plugins/medsrv/medsrv_config.c
View File

@ -90,13 +90,13 @@ static enumerator_t* create_peer_cfg_enumerator(private_medsrv_config_t *this,
if (e) if (e)
{ {
peer_cfg_t *peer_cfg; peer_cfg_t *peer_cfg;
auth_cfg_t *auth;
char *name; char *name;
if (e->enumerate(e, &name)) if (e->enumerate(e, &name))
{ {
peer_cfg = peer_cfg_create( peer_cfg = peer_cfg_create(
name, 2, this->ike->get_ref(this->ike), name, 2, this->ike->get_ref(this->ike),
me->clone(me), other->clone(other),
CERT_NEVER_SEND, UNIQUE_REPLACE, CERT_NEVER_SEND, UNIQUE_REPLACE,
1, this->rekey*60, 0, /* keytries, rekey, reauth */ 1, this->rekey*60, 0, /* keytries, rekey, reauth */
this->rekey*5, this->rekey*3, /* jitter, overtime */ this->rekey*5, this->rekey*3, /* jitter, overtime */
@ -104,6 +104,16 @@ static enumerator_t* create_peer_cfg_enumerator(private_medsrv_config_t *this,
NULL, NULL, /* vip, pool */ NULL, NULL, /* vip, pool */
TRUE, NULL, NULL); /* mediation, med by, peer id */ TRUE, NULL, NULL); /* mediation, med by, peer id */
e->destroy(e); e->destroy(e);
auth = auth_cfg_create();
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
auth->add(auth, AUTH_RULE_IDENTITY, me->clone(me));
peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
auth = auth_cfg_create();
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
auth->add(auth, AUTH_RULE_IDENTITY, other->clone(other));
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
return enumerator_create_single(peer_cfg, (void*)peer_cfg->destroy); return enumerator_create_single(peer_cfg, (void*)peer_cfg->destroy);
} }
e->destroy(e); e->destroy(e);