Added support for authby/xauth_server legacy options
parent
c390569a76
commit
c791def8c1
|
@ -266,7 +266,6 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
|
|||
char *auth, *id, *cert, *ca;
|
||||
stroke_end_t *end, *other_end;
|
||||
auth_cfg_t *cfg;
|
||||
char eap_buf[32];
|
||||
|
||||
/* select strings */
|
||||
if (local)
|
||||
|
@ -314,47 +313,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
|
|||
{
|
||||
if (primary)
|
||||
{
|
||||
if (local)
|
||||
{ /* "leftauth" not defined, fall back to deprecated "authby" */
|
||||
switch (msg->add_conn.auth_method)
|
||||
{
|
||||
default:
|
||||
case AUTH_CLASS_PUBKEY:
|
||||
auth = "pubkey";
|
||||
break;
|
||||
case AUTH_CLASS_PSK:
|
||||
auth = "psk";
|
||||
break;
|
||||
case AUTH_CLASS_EAP:
|
||||
auth = "eap";
|
||||
break;
|
||||
case AUTH_CLASS_ANY:
|
||||
auth = "any";
|
||||
break;
|
||||
}
|
||||
}
|
||||
else
|
||||
{ /* "rightauth" not defined, fall back to deprecated "eap" */
|
||||
if (msg->add_conn.eap_type)
|
||||
{
|
||||
if (msg->add_conn.eap_vendor)
|
||||
{
|
||||
snprintf(eap_buf, sizeof(eap_buf), "eap-%d-%d",
|
||||
msg->add_conn.eap_type,
|
||||
msg->add_conn.eap_vendor);
|
||||
}
|
||||
else
|
||||
{
|
||||
snprintf(eap_buf, sizeof(eap_buf), "eap-%d",
|
||||
msg->add_conn.eap_type);
|
||||
}
|
||||
auth = eap_buf;
|
||||
}
|
||||
else
|
||||
{ /* not EAP => no constraints for this peer */
|
||||
auth = "any";
|
||||
}
|
||||
}
|
||||
auth = "pubkey";
|
||||
}
|
||||
else
|
||||
{ /* no second authentication round, fine. But load certificates
|
||||
|
|
|
@ -198,26 +198,6 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
|
|||
msg.length = offsetof(stroke_msg_t, buffer);
|
||||
msg.add_conn.version = conn->keyexchange;
|
||||
msg.add_conn.name = push_string(&msg, connection_name(conn));
|
||||
|
||||
/* PUBKEY is preferred to PSK and EAP */
|
||||
if (conn->policy & POLICY_PUBKEY)
|
||||
{
|
||||
msg.add_conn.auth_method = AUTH_CLASS_PUBKEY;
|
||||
}
|
||||
else if (conn->policy & POLICY_PSK)
|
||||
{
|
||||
msg.add_conn.auth_method = AUTH_CLASS_PSK;
|
||||
}
|
||||
else if (conn->policy & POLICY_XAUTH_PSK)
|
||||
{
|
||||
msg.add_conn.auth_method = AUTH_CLASS_EAP;
|
||||
}
|
||||
else
|
||||
{
|
||||
msg.add_conn.auth_method = AUTH_CLASS_ANY;
|
||||
}
|
||||
msg.add_conn.eap_type = conn->eap_type;
|
||||
msg.add_conn.eap_vendor = conn->eap_vendor;
|
||||
msg.add_conn.eap_identity = push_string(&msg, conn->eap_identity);
|
||||
msg.add_conn.aaa_identity = push_string(&msg, conn->aaa_identity);
|
||||
msg.add_conn.xauth_identity = push_string(&msg, conn->xauth_identity);
|
||||
|
@ -287,6 +267,45 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
|
|||
starter_stroke_add_end(&msg, &msg.add_conn.me, &conn->left);
|
||||
starter_stroke_add_end(&msg, &msg.add_conn.other, &conn->right);
|
||||
|
||||
if (!msg.add_conn.me.auth && !msg.add_conn.other.auth)
|
||||
{ /* leftauth/rightauth not set, use legacy options */
|
||||
if (conn->policy & POLICY_PUBKEY)
|
||||
{
|
||||
msg.add_conn.me.auth = push_string(&msg, "pubkey");
|
||||
msg.add_conn.other.auth = push_string(&msg, "pubkey");
|
||||
}
|
||||
else if (conn->policy & POLICY_PSK)
|
||||
{
|
||||
msg.add_conn.me.auth = push_string(&msg, "psk");
|
||||
msg.add_conn.other.auth = push_string(&msg, "psk");
|
||||
}
|
||||
else if (conn->policy & POLICY_XAUTH_RSASIG)
|
||||
{
|
||||
msg.add_conn.me.auth = push_string(&msg, "pubkey");
|
||||
msg.add_conn.other.auth = push_string(&msg, "pubkey");
|
||||
if (conn->policy & POLICY_XAUTH_SERVER)
|
||||
{
|
||||
msg.add_conn.other.auth2 = push_string(&msg, "xauth");
|
||||
}
|
||||
else
|
||||
{
|
||||
msg.add_conn.me.auth2 = push_string(&msg, "xauth");
|
||||
}
|
||||
}
|
||||
else if (conn->policy & POLICY_XAUTH_PSK)
|
||||
{
|
||||
msg.add_conn.me.auth = push_string(&msg, "psk");
|
||||
msg.add_conn.other.auth = push_string(&msg, "psk");
|
||||
if (conn->policy & POLICY_XAUTH_SERVER)
|
||||
{
|
||||
msg.add_conn.other.auth2 = push_string(&msg, "xauth");
|
||||
}
|
||||
else
|
||||
{
|
||||
msg.add_conn.me.auth2 = push_string(&msg, "xauth");
|
||||
}
|
||||
}
|
||||
}
|
||||
return send_stroke_msg(&msg);
|
||||
}
|
||||
|
||||
|
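Review bot: When `conn->policy` carries none of POLICY_PUBKEY, POLICY_PSK, POLICY_XAUTH_RSASIG or POLICY_XAUTH_PSK, the else-if chain under `if (!msg.add_conn.me.auth && !msg.add_conn.other.auth)` leaves both `auth` fields NULL, and the surviving `auth = "pubkey";` in build_auth_cfg then assumes pubkey for the primary round, whereas the removed starter code mapped that case to AUTH_CLASS_ANY; if that stricter default is intended, a trailing comment such as `/* no legacy authby flag: daemon falls back to pubkey */` after the last branch would record it, otherwise a log line there would make misconfigured legacy conns visible. The same silent pubkey default applies to the other end when only one of leftauth/rightauth is set, since the guard requires both to be unset; a short comment on the guard stating that legacy options are ignored once either side sets its own auth would help. As a point of style, the two XAuth branches duplicate the server/client placement of the "xauth" round; that placement can be hoisted into one block after the chain without changing precedence. starter_stroke_add_conn begins before this hunk.
```c
	if (!msg.add_conn.me.auth && !msg.add_conn.other.auth)
	{	/* leftauth/rightauth not set, use legacy options */
		bool xauth = FALSE;

		/* … unchanged: POLICY_PUBKEY and POLICY_PSK branches … */
		else if (conn->policy & POLICY_XAUTH_RSASIG)
		{
			msg.add_conn.me.auth = push_string(&msg, "pubkey");
			msg.add_conn.other.auth = push_string(&msg, "pubkey");
			xauth = TRUE;
		}
		else if (conn->policy & POLICY_XAUTH_PSK)
		{
			msg.add_conn.me.auth = push_string(&msg, "psk");
			msg.add_conn.other.auth = push_string(&msg, "psk");
			xauth = TRUE;
		}
		/* no legacy authby flag: daemon falls back to pubkey */
		if (xauth)
		{	/* as XAuth server the peer runs the second round, otherwise we do */
			if (conn->policy & POLICY_XAUTH_SERVER)
			{
				msg.add_conn.other.auth2 = push_string(&msg, "xauth");
			}
			else
			{
				msg.add_conn.me.auth2 = push_string(&msg, "xauth");
			}
		}
	}
```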
|