Added support for authby/xauth_server legacy options

Martin Willi 2012-01-20 15:33:26 +01:00
parent c390569a76
commit c791def8c1
2 changed files with 40 additions and 62 deletions


@ -266,7 +266,6 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
char *auth, *id, *cert, *ca;
stroke_end_t *end, *other_end;
auth_cfg_t *cfg;
char eap_buf[32];
/* select strings */
if (local)
@ -314,47 +313,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
{
if (primary)
{
if (local)
{ /* "leftauth" not defined, fall back to deprecated "authby" */
switch (msg->add_conn.auth_method)
{
default:
case AUTH_CLASS_PUBKEY:
auth = "pubkey";
break;
case AUTH_CLASS_PSK:
auth = "psk";
break;
case AUTH_CLASS_EAP:
auth = "eap";
break;
case AUTH_CLASS_ANY:
auth = "any";
break;
}
}
else
{ /* "rightauth" not defined, fall back to deprecated "eap" */
if (msg->add_conn.eap_type)
{
if (msg->add_conn.eap_vendor)
{
snprintf(eap_buf, sizeof(eap_buf), "eap-%d-%d",
msg->add_conn.eap_type,
msg->add_conn.eap_vendor);
}
else
{
snprintf(eap_buf, sizeof(eap_buf), "eap-%d",
msg->add_conn.eap_type);
}
auth = eap_buf;
}
else
{ /* not EAP => no constraints for this peer */
auth = "any";
}
}
auth = "pubkey";
}
else
{ /* no second authentication round, fine. But load certificates
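Review bot: The new `auth = "pubkey";` replaces both the authby switch and the EAP fallback without saying why a peer that omits leftauth/rightauth now gets "pubkey" on both sides, where the removed code gave the remote side "any" (no constraint) when no eap type was configured; this is a stricter default and deserves a comment at that line, e.g. `/* leftauth/rightauth not given: default to pubkey; starter translates the legacy authby/xauth options into leftauth/rightauth before sending */`. After this change build_auth_cfg no longer reads msg->add_conn.auth_method, eap_type or eap_vendor; if those fields remain in stroke_msg_t they are now dead from this reader's point of view, which is worth confirming. build_auth_cfg starts and ends outside the hunk.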


@ -198,26 +198,6 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
msg.length = offsetof(stroke_msg_t, buffer);
msg.add_conn.version = conn->keyexchange;
msg.add_conn.name = push_string(&msg, connection_name(conn));
/* PUBKEY is preferred to PSK and EAP */
if (conn->policy & POLICY_PUBKEY)
{
msg.add_conn.auth_method = AUTH_CLASS_PUBKEY;
}
else if (conn->policy & POLICY_PSK)
{
msg.add_conn.auth_method = AUTH_CLASS_PSK;
}
else if (conn->policy & POLICY_XAUTH_PSK)
{
msg.add_conn.auth_method = AUTH_CLASS_EAP;
}
else
{
msg.add_conn.auth_method = AUTH_CLASS_ANY;
}
msg.add_conn.eap_type = conn->eap_type;
msg.add_conn.eap_vendor = conn->eap_vendor;
msg.add_conn.eap_identity = push_string(&msg, conn->eap_identity);
msg.add_conn.aaa_identity = push_string(&msg, conn->aaa_identity);
msg.add_conn.xauth_identity = push_string(&msg, conn->xauth_identity);
@ -287,6 +267,45 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
starter_stroke_add_end(&msg, &msg.add_conn.me, &conn->left);
starter_stroke_add_end(&msg, &msg.add_conn.other, &conn->right);
if (!msg.add_conn.me.auth && !msg.add_conn.other.auth)
{ /* leftauth/rightauth not set, use legacy options */
if (conn->policy & POLICY_PUBKEY)
{
msg.add_conn.me.auth = push_string(&msg, "pubkey");
msg.add_conn.other.auth = push_string(&msg, "pubkey");
}
else if (conn->policy & POLICY_PSK)
{
msg.add_conn.me.auth = push_string(&msg, "psk");
msg.add_conn.other.auth = push_string(&msg, "psk");
}
else if (conn->policy & POLICY_XAUTH_RSASIG)
{
msg.add_conn.me.auth = push_string(&msg, "pubkey");
msg.add_conn.other.auth = push_string(&msg, "pubkey");
if (conn->policy & POLICY_XAUTH_SERVER)
{
msg.add_conn.other.auth2 = push_string(&msg, "xauth");
}
else
{
msg.add_conn.me.auth2 = push_string(&msg, "xauth");
}
}
else if (conn->policy & POLICY_XAUTH_PSK)
{
msg.add_conn.me.auth = push_string(&msg, "psk");
msg.add_conn.other.auth = push_string(&msg, "psk");
if (conn->policy & POLICY_XAUTH_SERVER)
{
msg.add_conn.other.auth2 = push_string(&msg, "xauth");
}
else
{
msg.add_conn.me.auth2 = push_string(&msg, "xauth");
}
}
}
return send_stroke_msg(&msg);
}
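Review bot: The guard `if (!msg.add_conn.me.auth && !msg.add_conn.other.auth)` applies the legacy authby/xauth mapping only when neither leftauth nor rightauth is set, so a config that sets just one of them silently ignores authby and the other side takes the stroke plugin's default; the comment on the next line should say so, e.g. `/* neither leftauth nor rightauth set: derive both from the legacy authby/xauth options (a single explicit side disables this mapping) */`. The two XAUTH branches repeat the same server/client `auth2` selection; folding the chain into a base auth string plus an xauth flag keeps the precedence of the policy bits identical and states the selection once, as below. The first hunk of this section only drops the old auth_method assignment and needs no note.
```c
	if (!msg.add_conn.me.auth && !msg.add_conn.other.auth)
	{	/* leftauth/rightauth not set, use legacy options */
		char *auth = NULL;
		bool xauth = FALSE;

		if (conn->policy & POLICY_PUBKEY)
		{
			auth = "pubkey";
		}
		else if (conn->policy & POLICY_PSK)
		{
			auth = "psk";
		}
		else if (conn->policy & POLICY_XAUTH_RSASIG)
		{
			auth = "pubkey";
			xauth = TRUE;
		}
		else if (conn->policy & POLICY_XAUTH_PSK)
		{
			auth = "psk";
			xauth = TRUE;
		}
		if (auth)
		{
			msg.add_conn.me.auth = push_string(&msg, auth);
			msg.add_conn.other.auth = push_string(&msg, auth);
		}
		if (xauth)
		{	/* the XAUTH server side requires xauth from the peer in round 2 */
			if (conn->policy & POLICY_XAUTH_SERVER)
			{
				msg.add_conn.other.auth2 = push_string(&msg, "xauth");
			}
			else
			{
				msg.add_conn.me.auth2 = push_string(&msg, "xauth");
			}
		}
	}
	/* … unchanged: send_stroke_msg call … */
```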