| author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-11-28 11:42:20 +0000 |
|---|---|---|
| committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-11-28 11:42:20 +0000 |
| commit | f73fba54dc8b30c6482e1e8abf15bbf455592fcd (patch) | |
| tree | a449515607c5e51a5c703d7a9b1149c9e4a11560 /src/libcharon/sa/authenticators | |
| parent | b8064f4099997a9e2179f3ad4ace605f5ccac3a1 (diff) | |
| download | vyos-strongswan-f73fba54dc8b30c6482e1e8abf15bbf455592fcd.tar.gz vyos-strongswan-f73fba54dc8b30c6482e1e8abf15bbf455592fcd.zip | |
[svn-upgrade] new version strongswan (4.5.0)
Diffstat (limited to 'src/libcharon/sa/authenticators')
| -rw-r--r-- | src/libcharon/sa/authenticators/eap/eap_manager.c | 54 | ||||
| -rw-r--r-- | src/libcharon/sa/authenticators/eap/eap_method.c | 47 | ||||
| -rw-r--r-- | src/libcharon/sa/authenticators/eap/eap_method.h | 30 | ||||
| -rw-r--r-- | src/libcharon/sa/authenticators/eap_authenticator.c | 122 | ||||
| -rw-r--r-- | src/libcharon/sa/authenticators/pubkey_authenticator.c | 6 |
5 files changed, 82 insertions, 177 deletions
diff --git a/src/libcharon/sa/authenticators/eap/eap_manager.c b/src/libcharon/sa/authenticators/eap/eap_manager.c
index f795183f0..bc2c4a617 100644
--- a/src/libcharon/sa/authenticators/eap/eap_manager.c
+++ b/src/libcharon/sa/authenticators/eap/eap_manager.c
@@ -68,12 +68,9 @@ struct private_eap_manager_t {
 rwlock_t *lock;
 };
-/**
- * Implementation of eap_manager_t.add_method.
- */
-static void add_method(private_eap_manager_t *this, eap_type_t type,
- u_int32_t vendor, eap_role_t role,
- eap_constructor_t constructor)
+METHOD(eap_manager_t, add_method, void,
+ private_eap_manager_t *this, eap_type_t type, u_int32_t vendor,
+ eap_role_t role, eap_constructor_t constructor)
 {
 eap_entry_t *entry = malloc_thing(eap_entry_t);
@@ -87,10 +84,8 @@ static void add_method(private_eap_manager_t *this, eap_type_t type,
 this->lock->unlock(this->lock);
 }
-/**
- * Implementation of eap_manager_t.remove_method.
- */
-static void remove_method(private_eap_manager_t *this, eap_constructor_t constructor)
+METHOD(eap_manager_t, remove_method, void,
+ private_eap_manager_t *this, eap_constructor_t constructor)
 {
 enumerator_t *enumerator;
 eap_entry_t *entry;
@@ -109,13 +104,9 @@ static void remove_method(private_eap_manager_t *this, eap_constructor_t constru
 this->lock->unlock(this->lock);
 }
-/**
- * Implementation of eap_manager_t.create_instance.
- */
-static eap_method_t* create_instance(private_eap_manager_t *this,
- eap_type_t type, u_int32_t vendor,
- eap_role_t role, identification_t *server,
- identification_t *peer)
+METHOD(eap_manager_t, create_instance, eap_method_t*,
+ private_eap_manager_t *this, eap_type_t type, u_int32_t vendor,
+ eap_role_t role, identification_t *server, identification_t *peer)
 {
 enumerator_t *enumerator;
 eap_entry_t *entry;
@@ -140,10 +131,8 @@ static eap_method_t* create_instance(private_eap_manager_t *this,
 return method;
 }
-/**
- * Implementation of 2008_t.destroy
- */
-static void destroy(private_eap_manager_t *this)
+METHOD(eap_manager_t, destroy, void,
+ private_eap_manager_t *this)
 {
 this->methods->destroy_function(this->methods, free);
 this->lock->destroy(this->lock);
@@ -151,19 +140,22 @@ static void destroy(private_eap_manager_t *this)
 }
 /*
- * see header file
+ * See header
 */
 eap_manager_t *eap_manager_create()
 {
- private_eap_manager_t *this = malloc_thing(private_eap_manager_t);
-
- this->public.add_method = (void(*)(eap_manager_t*, eap_type_t type, u_int32_t vendor, eap_role_t role, eap_constructor_t constructor))add_method;
- this->public.remove_method = (void(*)(eap_manager_t*, eap_constructor_t constructor))remove_method;
- this->public.create_instance = (eap_method_t*(*)(eap_manager_t*, eap_type_t type, u_int32_t vendor, eap_role_t role, identification_t*,identification_t*))create_instance;
- this->public.destroy = (void(*)(eap_manager_t*))destroy;
-
- this->methods = linked_list_create();
- this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
+ private_eap_manager_t *this;
+
+ INIT(this,
+ .public = {
+ .add_method = _add_method,
+ .remove_method = _remove_method,
+ .create_instance = _create_instance,
+ .destroy = _destroy,
+ },
+ .methods = linked_list_create(),
+ .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ );
 return &this->public;
 }
diff --git a/src/libcharon/sa/authenticators/eap/eap_method.c b/src/libcharon/sa/authenticators/eap/eap_method.c
index ad7b92cfa..0fa4a00c5 100644
--- a/src/libcharon/sa/authenticators/eap/eap_method.c
+++ b/src/libcharon/sa/authenticators/eap/eap_method.c
@@ -15,55 +15,8 @@
 #include "eap_method.h"
-/*
- * See header
- */
-eap_type_t eap_type_from_string(char *name)
-{
- int i;
- static struct {
- char *name;
- eap_type_t type;
- } types[] = {
- {"identity", EAP_IDENTITY},
- {"md5", EAP_MD5},
- {"otp", EAP_OTP},
- {"gtc", EAP_GTC},
- {"sim", EAP_SIM},
- {"aka", EAP_AKA},
- {"mschapv2", EAP_MSCHAPV2},
- {"radius", EAP_RADIUS},
- };
-
- for (i = 0; i < countof(types); i++)
- {
- if (strcaseeq(name, types[i].name))
- {
- return types[i].type;
- }
- }
- return 0;
-}
-
-ENUM(eap_code_names, EAP_REQUEST, EAP_FAILURE,
- "EAP_REQUEST",
- "EAP_RESPONSE",
- "EAP_SUCCESS",
- "EAP_FAILURE",
-);
-
-ENUM(eap_code_short_names, EAP_REQUEST, EAP_FAILURE,
- "REQ",
- "RES",
- "SUCC",
- "FAIL",
-);
-
 ENUM(eap_role_names, EAP_SERVER, EAP_PEER,
 "EAP_SERVER",
 "EAP_PEER",
 );
-
-
-
diff --git a/src/libcharon/sa/authenticators/eap/eap_method.h b/src/libcharon/sa/authenticators/eap/eap_method.h
index df354edb4..9961039ff 100644
--- a/src/libcharon/sa/authenticators/eap/eap_method.h
+++ b/src/libcharon/sa/authenticators/eap/eap_method.h
@@ -23,10 +23,10 @@ typedef struct eap_method_t eap_method_t;
 typedef enum eap_role_t eap_role_t;
-typedef enum eap_code_t eap_code_t;
 #include <library.h>
 #include <utils/identification.h>
+#include <eap/eap.h>
 #include <encoding/payloads/eap_payload.h>
 /**
@@ -42,34 +42,6 @@ enum eap_role_t {
 extern enum_name_t *eap_role_names;
 /**
- * Lookup the EAP method type from a string.
- *
- * @param name EAP method name (such as "md5", "aka")
- * @return method type, 0 if unkown
- */
-eap_type_t eap_type_from_string(char *name);
-
-/**
- * EAP code, type of an EAP message
- */
-enum eap_code_t {
- EAP_REQUEST = 1,
- EAP_RESPONSE = 2,
- EAP_SUCCESS = 3,
- EAP_FAILURE = 4,
-};
-
-/**
- * enum names for eap_code_t.
- */
-extern enum_name_t *eap_code_names;
-
-/**
- * short string enum names for eap_code_t.
- */
-extern enum_name_t *eap_code_short_names;
-
-/**
 * Interface of an EAP method for server and client side.
 *
 * An EAP method initiates an EAP exchange and processes requests and
diff --git a/src/libcharon/sa/authenticators/eap_authenticator.c b/src/libcharon/sa/authenticators/eap_authenticator.c
index 3c0f3c358..8b22fd1d7 100644
--- a/src/libcharon/sa/authenticators/eap_authenticator.c
+++ b/src/libcharon/sa/authenticators/eap_authenticator.c
@@ -99,22 +99,30 @@ struct private_eap_authenticator_t {
 static eap_method_t *load_method(private_eap_authenticator_t *this,
 eap_type_t type, u_int32_t vendor, eap_role_t role)
 {
- identification_t *server, *peer;
+ identification_t *server, *peer, *aaa;
+ auth_cfg_t *auth;
 if (role == EAP_SERVER)
 {
 server = this->ike_sa->get_my_id(this->ike_sa);
 peer = this->ike_sa->get_other_id(this->ike_sa);
+ auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE);
 }
 else
 {
 server = this->ike_sa->get_other_id(this->ike_sa);
 peer = this->ike_sa->get_my_id(this->ike_sa);
+ auth = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE);
 }
 if (this->eap_identity)
 {
 peer = this->eap_identity;
 }
+ aaa = auth->get(auth, AUTH_RULE_AAA_IDENTITY);
+ if (aaa)
+ {
+ server = aaa;
+ }
 return charon->eap->create_instance(charon->eap, type, vendor, role,
 server, peer);
 }
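Review bot: `auth` is dereferenced at `aaa = auth->get(auth, AUTH_RULE_AAA_IDENTITY);` without a NULL check, so if `ike_sa->get_auth_cfg()` can return NULL for an SA whose auth config is not yet established, load_method() crashes here instead of falling back to the IKE identity; please confirm the getter's contract or guard with `if (auth)`. The new lines also silently replace the identity the EAP method receives as the server, which matters if the method binds server authentication to that name, so I would document it right above them: `/* an explicitly configured AAA identity replaces the IKE identity as the EAP server identity handed to the method */`. The meaning of the TRUE/FALSE argument to `get_auth_cfg()` is not visible in the hunk either (presumably local vs. remote config); a short comment on each call would help the reader.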
@@ -458,11 +466,8 @@ static void build_auth(private_eap_authenticator_t *this, message_t *message,
 chunk_free(&auth_data);
 }
-/**
- * Implementation of authenticator_t.process for a server
- */
-static status_t process_server(private_eap_authenticator_t *this,
- message_t *message)
+METHOD(authenticator_t, process_server, status_t,
+ private_eap_authenticator_t *this, message_t *message)
 {
 eap_payload_t *eap_payload;
@@ -492,11 +497,8 @@ static status_t process_server(private_eap_authenticator_t *this,
 return NEED_MORE;
 }
-/**
- * Implementation of authenticator_t.build for a server
- */
-static status_t build_server(private_eap_authenticator_t *this,
- message_t *message)
+METHOD(authenticator_t, build_server, status_t,
+ private_eap_authenticator_t *this, message_t *message)
 {
 if (this->eap_payload)
 {
@@ -519,11 +521,8 @@ static status_t build_server(private_eap_authenticator_t *this,
 return FAILED;
 }
-/**
- * Implementation of authenticator_t.process for a client
- */
-static status_t process_client(private_eap_authenticator_t *this,
- message_t *message)
+METHOD(authenticator_t, process_client, status_t,
+ private_eap_authenticator_t *this, message_t *message)
 {
 eap_payload_t *eap_payload;
@@ -603,11 +602,8 @@ static status_t process_client(private_eap_authenticator_t *this,
 return FAILED;
 }
-/**
- * Implementation of authenticator_t.build for a client
- */
-static status_t build_client(private_eap_authenticator_t *this,
- message_t *message)
+METHOD(authenticator_t, build_client, status_t,
+ private_eap_authenticator_t *this, message_t *message)
 {
 if (this->eap_payload)
 {
@@ -623,20 +619,16 @@ static status_t build_client(private_eap_authenticator_t *this,
 return NEED_MORE;
 }
-/**
- * Implementation of authenticator_t.is_mutual.
- */
-static bool is_mutual(private_eap_authenticator_t *this)
+METHOD(authenticator_t, is_mutual, bool,
+ private_eap_authenticator_t *this)
 {
 /* we don't know yet, but insist on it after EAP is complete */
 this->require_mutual = TRUE;
 return TRUE;
 }
-/**
- * Implementation of authenticator_t.destroy.
- */
-static void destroy(private_eap_authenticator_t *this)
+METHOD(authenticator_t, destroy, void,
+ private_eap_authenticator_t *this)
 {
 DESTROY_IF(this->method);
 DESTROY_IF(this->eap_payload);
@@ -652,25 +644,23 @@ eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa,
 chunk_t received_nonce, chunk_t sent_nonce,
 chunk_t received_init, chunk_t sent_init)
 {
- private_eap_authenticator_t *this = malloc_thing(private_eap_authenticator_t);
-
- this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *message))build_client;
- this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))process_client;
- this->public.authenticator.is_mutual = (bool(*)(authenticator_t*))is_mutual;
- this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy;
-
- this->ike_sa = ike_sa;
- this->received_init = received_init;
- this->received_nonce = received_nonce;
- this->sent_init = sent_init;
- this->sent_nonce = sent_nonce;
- this->msk = chunk_empty;
- this->method = NULL;
- this->eap_payload = NULL;
- this->eap_complete = FALSE;
- this->auth_complete = FALSE;
- this->eap_identity = NULL;
- this->require_mutual = FALSE;
+ private_eap_authenticator_t *this;
+
+ INIT(this,
+ .public = {
+ .authenticator = {
+ .build = _build_client,
+ .process = _process_client,
+ .is_mutual = _is_mutual,
+ .destroy = _destroy,
+ },
+ },
+ .ike_sa = ike_sa,
+ .received_init = received_init,
+ .received_nonce = received_nonce,
+ .sent_init = sent_init,
+ .sent_nonce = sent_nonce,
+ );
 return &this->public;
 }
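Review bot: The INIT() block drops the explicit `msk = chunk_empty`, `method = NULL`, `eap_payload = NULL`, `eap_complete = FALSE`, `auth_complete = FALSE`, `eap_identity = NULL` and `require_mutual = FALSE` initializers, so correctness now rests on INIT() zero-filling every member not named in the designated initializer; the macro is not visible here, so please confirm it does (and that `chunk_empty` is all-zero), because a stale `method` or `eap_payload` pointer would later reach DESTROY_IF() in destroy(). The same dependency exists in the create_verifier hunk that follows. A one-line comment above the call, `/* members not listed here are zero-initialized by INIT() */`, would make that contract explicit for the next maintainer. The function's opening line is visible only in the hunk header.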
@@ -682,25 +672,23 @@ eap_authenticator_t *eap_authenticator_create_verifier(ike_sa_t *ike_sa,
 chunk_t received_nonce, chunk_t sent_nonce,
 chunk_t received_init, chunk_t sent_init)
 {
- private_eap_authenticator_t *this = malloc_thing(private_eap_authenticator_t);
-
- this->public.authenticator.build = (status_t(*)(authenticator_t*, message_t *messageh))build_server;
- this->public.authenticator.process = (status_t(*)(authenticator_t*, message_t *message))process_server;
- this->public.authenticator.is_mutual = (bool(*)(authenticator_t*))is_mutual;
- this->public.authenticator.destroy = (void(*)(authenticator_t*))destroy;
-
- this->ike_sa = ike_sa;
- this->received_init = received_init;
- this->received_nonce = received_nonce;
- this->sent_init = sent_init;
- this->sent_nonce = sent_nonce;
- this->msk = chunk_empty;
- this->method = NULL;
- this->eap_payload = NULL;
- this->eap_complete = FALSE;
- this->auth_complete = FALSE;
- this->eap_identity = NULL;
- this->require_mutual = FALSE;
+ private_eap_authenticator_t *this;
+
+ INIT(this,
+ .public = {
+ .authenticator = {
+ .build = _build_server,
+ .process = _process_server,
+ .is_mutual = _is_mutual,
+ .destroy = _destroy,
+ },
+ },
+ .ike_sa = ike_sa,
+ .received_init = received_init,
+ .received_nonce = received_nonce,
+ .sent_init = sent_init,
+ .sent_nonce = sent_nonce,
+ );
 return &this->public;
 }
diff --git a/src/libcharon/sa/authenticators/pubkey_authenticator.c b/src/libcharon/sa/authenticators/pubkey_authenticator.c
index 3c67f6db6..54b4338bb 100644
--- a/src/libcharon/sa/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/authenticators/pubkey_authenticator.c
@@ -84,15 +84,15 @@ static status_t build(private_pubkey_authenticator_t *this, message_t *message)
 /* we try to deduct the signature scheme from the keysize */
 switch (private->get_keysize(private))
 {
- case 32:
+ case 256:
 scheme = SIGN_ECDSA_256;
 auth_method = AUTH_ECDSA_256;
 break;
- case 48:
+ case 384:
 scheme = SIGN_ECDSA_384;
 auth_method = AUTH_ECDSA_384;
 break;
- case 66:
+ case 521:
 scheme = SIGN_ECDSA_521;
 auth_method = AUTH_ECDSA_521;
 break;
|
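Review bot: The case labels now compare `private->get_keysize(private)` against 256/384/521 instead of 32/48/66, i.e. bits rather than bytes, but the context comment still says only "the keysize" with no unit; I would reword it to `/* deduce the signature scheme from the key size in bits */` so the next reader does not reintroduce byte-sized values. This is a unit change that assumes get_keysize() now reports bits; that cannot be verified from this hunk, and any other caller still comparing it against byte counts would fall through to whatever the switch's default does. The default branch and the rest of build() lie outside the hunk.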
