summaryrefslogtreecommitdiff
path: root/src/pluto/kernel.c
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2010-08-09 08:09:54 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2010-08-09 08:09:54 +0000
commitb8064f4099997a9e2179f3ad4ace605f5ccac3a1 (patch)
tree81778e976b476374c48b4fe83d084b986b890421 /src/pluto/kernel.c
parent1ac70afcc1f7d6d2738a34308810719b0976d29f (diff)
downloadvyos-strongswan-b8064f4099997a9e2179f3ad4ace605f5ccac3a1.tar.gz
vyos-strongswan-b8064f4099997a9e2179f3ad4ace605f5ccac3a1.zip
[svn-upgrade] new version strongswan (4.4.1)
Diffstat (limited to 'src/pluto/kernel.c')
-rw-r--r--src/pluto/kernel.c24
1 files changed, 18 insertions, 6 deletions
diff --git a/src/pluto/kernel.c b/src/pluto/kernel.c
index ee22fb55e..dd7ed8893 100644
--- a/src/pluto/kernel.c
+++ b/src/pluto/kernel.c
@@ -464,9 +464,11 @@ static bool do_command(connection_t *c, struct spd_route *sr,
peerclientnet_str[ADDRTOT_BUF],
peerclientmask_str[ADDRTOT_BUF],
peerca_str[BUF_LEN],
+ xauth_id_str[BUF_LEN] = "",
secure_myid_str[BUF_LEN] = "",
secure_peerid_str[BUF_LEN] = "",
- secure_peerca_str[BUF_LEN] = "";
+ secure_peerca_str[BUF_LEN] = "",
+ secure_xauth_id_str[BUF_LEN] = "";
ip_address ta;
pubkey_list_t *p;
@@ -483,16 +485,14 @@ static bool do_command(connection_t *c, struct spd_route *sr,
strncat(nexthop_str, "' ", sizeof(nexthop_str));
}
- if (addrbytesptr(&sr->this.host_srcip, NULL)
- && !isanyaddr(&sr->this.host_srcip))
+ if (!sr->this.host_srcip->is_anyaddr(sr->this.host_srcip))
{
char *n;
strcpy(srcip_str, "PLUTO_MY_SOURCEIP='");
n = srcip_str + strlen(srcip_str);
-
- addrtot(&sr->this.host_srcip, 0
- ,n , sizeof(srcip_str)-strlen(srcip_str));
+ snprintf(n, sizeof(srcip_str)-strlen(srcip_str), "%H",
+ sr->this.host_srcip);
strncat(srcip_str, "' ", sizeof(srcip_str));
}
@@ -505,6 +505,16 @@ static bool do_command(connection_t *c, struct spd_route *sr,
maskof(&sr->this.client, &ta);
addrtot(&ta, 0, myclientmask_str, sizeof(myclientmask_str));
+ if (c->xauth_identity &&
+ c->xauth_identity->get_type(c->xauth_identity) != ID_ANY)
+ {
+ snprintf(xauth_id_str, sizeof(xauth_id_str), "%Y", c->xauth_identity);
+ escape_metachar(xauth_id_str, secure_xauth_id_str,
+ sizeof(secure_xauth_id_str));
+ snprintf(xauth_id_str, sizeof(xauth_id_str), "PLUTO_XAUTH_ID='%s' ",
+ secure_xauth_id_str);
+ }
+
addrtot(&sr->that.host_addr, 0, peer_str, sizeof(peer_str));
snprintf(peerid_str, sizeof(peerid_str), "%Y", sr->that.id);
escape_metachar(peerid_str, secure_peerid_str, sizeof(secure_peerid_str));
@@ -562,6 +572,7 @@ static bool do_command(connection_t *c, struct spd_route *sr,
"PLUTO_PEER_PROTOCOL='%u' "
"PLUTO_PEER_CA='%s' "
"%s" /* optional PLUTO_MY_SRCIP */
+ "%s" /* optional PLUTO_XAUTH_ID */
"%s" /* actual script */
, verb, verb_suffix
, c->name
@@ -585,6 +596,7 @@ static bool do_command(connection_t *c, struct spd_route *sr,
, sr->that.protocol
, secure_peerca_str
, srcip_str
+ , xauth_id_str
, sr->this.updown == NULL? DEFAULT_UPDOWN : sr->this.updown))
{
loglog(RC_LOG_SERIOUS, "%s%s command too long!", verb, verb_suffix);