vici: Match identity with wildcards against remote ID in redirect command
parent
e92364db66
commit
bef4518de7
|
@ -298,7 +298,8 @@ supported by the peer.
|
|||
ike = <redirect an IKE_SA by configuration name>
|
||||
ike-id = <redirect an IKE_SA by its unique id>
|
||||
peer-ip = <redirect an IKE_SA with matching peer IP>
|
||||
peer-id = <redirect an IKE_SA with matching peer identity>
|
||||
peer-id = <redirect an IKE_SA with matching peer identity, may contain
|
||||
wildcards>
|
||||
} => {
|
||||
success = <yes or no>
|
||||
errmsg = <error string on failure>
|
||||
|
|
|
@ -366,7 +366,7 @@ CALLBACK(redirect, vici_message_t*,
|
|||
enumerator_t *sas;
|
||||
char *ike, *peer_ip, *peer_id, *gw, *errmsg = NULL;
|
||||
u_int ike_id, current, found = 0;
|
||||
identification_t *gateway, *identity = NULL;
|
||||
identification_t *gateway, *identity = NULL, *other_id;
|
||||
host_t *address = NULL;
|
||||
ike_sa_t *ike_sa;
|
||||
vici_builder_t *builder;
|
||||
|
@ -445,10 +445,13 @@ CALLBACK(redirect, vici_message_t*,
|
|||
{
|
||||
continue;
|
||||
}
|
||||
if (identity &&
|
||||
!identity->equals(identity, ike_sa->get_other_eap_id(ike_sa)))
|
||||
if (identity)
|
||||
{
|
||||
continue;
|
||||
other_id = ike_sa->get_other_eap_id(ike_sa);
|
||||
if (!other_id->matches(other_id, identity))
|
||||
{
|
||||
continue;
|
||||
}
|
||||
}
|
||||
lib->processor->queue_job(lib->processor,
|
||||
(job_t*)redirect_job_create(ike_sa->get_id(ike_sa), gateway));
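Review bot: In the `if (identity)` block of the second hunk, only the receiver/argument order of `other_id->matches(other_id, identity)` makes the configured `peer-id` the pattern and the peer's identity the subject, which is easy to invert in a later edit. A one-line comment such as `/* identity is the pattern and may contain wildcards, other_id is the peer's actual identity */` would pin that down. The call now dereferences the result of `get_other_eap_id()` instead of the already-checked `identity`, so it relies on that getter never returning NULL, which is not visible on this page. Because a broad pattern now queues a `redirect_job` for every matching IKE_SA, it is worth confirming outside this hunk that the reply or log shows how many SAs matched, so an operator can tell when a wildcard hit more than intended. The enclosing `redirect` callback begins and ends outside the hunk.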
|
||||
|
|
|
@ -117,7 +117,7 @@ static void __attribute__ ((constructor))reg()
|
|||
command_register((command_t) {
|
||||
redirect, 'd', "redirect", "redirect an IKE_SA",
|
||||
{"--ike <name> | --ike-id <id> | --peer-ip <ip>",
|
||||
"--peer-id <id> | --gateway <ip|fqdn> [--raw|--pretty]"},
|
||||
"--peer-id <id|wildcards> | --gateway <ip|fqdn> [--raw|--pretty]"},
|
||||
{
|
||||
{"help", 'h', 0, "show usage information"},
|
||||
{"ike", 'i', 1, "redirect by IKE_SA name"},
|
||||
|
|