author | Yves-Alexis Perez <corsac@debian.org> | 2013-11-01 13:32:07 +0100 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2013-11-01 13:32:07 +0100 |
commit | a54780509260a8cb6f0344f531da168b34410dd5 (patch) | |
tree | 477239a312679174252f39f7a80bc8bf33836d9a /src/libcharon/plugins/xauth_generic/xauth_generic.c | |
parent | 6e50941f7ce9c6f2d6888412968c7f4ffb495379 (diff) | |
parent | 5313d2d78ca150515f7f5eb39801c100690b6b29 (diff) | |
Merge tag 'upstream/5.1.1'
Upstream version 5.1.1
Diffstat (limited to 'src/libcharon/plugins/xauth_generic/xauth_generic.c')
-rw-r--r-- | src/libcharon/plugins/xauth_generic/xauth_generic.c | 73 |
1 files changed, 55 insertions, 18 deletions
diff --git a/src/libcharon/plugins/xauth_generic/xauth_generic.c b/src/libcharon/plugins/xauth_generic/xauth_generic.c index f0e675ac0..5df8aadee 100644 --- a/src/libcharon/plugins/xauth_generic/xauth_generic.c +++ b/src/libcharon/plugins/xauth_generic/xauth_generic.c @@ -39,7 +39,6 @@ struct private_xauth_generic_t { * ID of the peer */ identification_t *peer; - }; METHOD(xauth_method_t, initiate_peer, status_t, 
@@ -52,28 +51,64 @@ METHOD(xauth_method_t, initiate_peer, status_t, METHOD(xauth_method_t, process_peer, status_t, private_xauth_generic_t *this, cp_payload_t *in, cp_payload_t **out) { + configuration_attribute_t *attr; + enumerator_t *enumerator; shared_key_t *shared; cp_payload_t *cp; - chunk_t user, pass; + chunk_t msg; - shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, this->peer, - this->server); - if (!shared) + enumerator = in->create_attribute_enumerator(in); + while (enumerator->enumerate(enumerator, &attr)) { - DBG1(DBG_IKE, "no XAuth secret found for '%Y' - '%Y'", this->peer, - this->server); - return FAILED; + if (attr->get_type(attr) == XAUTH_MESSAGE) + { + chunk_printable(attr->get_chunk(attr), &msg, '?'); + DBG1(DBG_CFG, "XAuth message: %.*s", (int)msg.len, msg.ptr); + free(msg.ptr); + } } - - user = this->peer->get_encoding(this->peer); - pass = shared->get_key(shared); + enumerator->destroy(enumerator); cp = cp_payload_create_type(CONFIGURATION_V1, CFG_REPLY); - cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_NAME, user)); - cp->add_attribute(cp, configuration_attribute_create_chunk( - CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_PASSWORD, pass)); - shared->destroy(shared); + + enumerator = in->create_attribute_enumerator(in); + while (enumerator->enumerate(enumerator, &attr)) + { + shared_key_type_t type = SHARED_EAP; + + switch (attr->get_type(attr)) + { + case XAUTH_USER_NAME: + cp->add_attribute(cp, configuration_attribute_create_chunk( + CONFIGURATION_ATTRIBUTE_V1, XAUTH_USER_NAME, + this->peer->get_encoding(this->peer))); + break; + case XAUTH_NEXT_PIN: + type = SHARED_PIN; + /* FALL */ + case XAUTH_USER_PASSWORD: + shared = lib->credmgr->get_shared(lib->credmgr, type, + this->peer, this->server); + if (!shared) + { + DBG1(DBG_IKE, "no XAuth %s found for '%Y' - '%Y'", + type == SHARED_EAP ? 
"password" : "PIN", + this->peer, this->server); + enumerator->destroy(enumerator); + cp->destroy(cp); + return FAILED; + } + cp->add_attribute(cp, configuration_attribute_create_chunk( + CONFIGURATION_ATTRIBUTE_V1, attr->get_type(attr), + shared->get_key(shared))); + shared->destroy(shared); + break; + default: + break; + } + } + enumerator->destroy(enumerator); + *out = cp; return NEED_MORE; } @@ -187,7 +222,8 @@ METHOD(xauth_method_t, destroy, void, * Described in header. */ xauth_generic_t *xauth_generic_create_peer(identification_t *server, - identification_t *peer) + identification_t *peer, + char *profile) { private_xauth_generic_t *this; @@ -211,7 +247,8 @@ xauth_generic_t *xauth_generic_create_peer(identification_t *server, * Described in header. */ xauth_generic_t *xauth_generic_create_server(identification_t *server, - identification_t *peer) + identification_t *peer, + char *profile) { private_xauth_generic_t *this; |
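Review bot: In the `XAUTH_NEXT_PIN` / `XAUTH_USER_PASSWORD` branch of the second loop in `process_peer`, the gateway's request alone decides which stored secret goes into the reply, and the success path logs nothing, so an unexpected or repeated PIN request leaves no trace for the operator. A value-free audit line before `cp->add_attribute(...)` would cover it, e.g. `DBG2(DBG_IKE, "answering XAuth %s request", type == SHARED_EAP ? "password" : "PIN");`. The `default:` case also drops every other attribute type silently, so a request with no recognised attributes produces an empty `CFG_REPLY` with `NEED_MORE` and nothing in the log to explain it. On the `return FAILED` path, `cp->destroy(cp)` may release a reply that already holds a secret added for an earlier attribute; whether `configuration_attribute_create_chunk()` copies the key and whether the destructor wipes that copy is not visible in this hunk and is worth confirming.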