summaryrefslogtreecommitdiff
path: root/src/libcharon
diff options
context:
space:
mode:
Diffstat (limited to 'src/libcharon')
-rw-r--r--src/libcharon/Makefile.in1
-rw-r--r--src/libcharon/bus/bus.c28
-rw-r--r--src/libcharon/bus/bus.h8
-rw-r--r--src/libcharon/bus/listeners/listener.h13
-rw-r--r--src/libcharon/network/receiver.c12
-rw-r--r--src/libcharon/plugins/addrblock/Makefile.in1
-rw-r--r--src/libcharon/plugins/android_dns/Makefile.in1
-rw-r--r--src/libcharon/plugins/android_log/Makefile.in1
-rw-r--r--src/libcharon/plugins/certexpire/Makefile.in1
-rw-r--r--src/libcharon/plugins/coupling/Makefile.in1
-rw-r--r--src/libcharon/plugins/dhcp/Makefile.in1
-rw-r--r--src/libcharon/plugins/duplicheck/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_aka/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp2/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_dynamic/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_gtc/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_identity/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_md5/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_mschapv2/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_peap/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_radius/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius.c18
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius_accounting.c28
-rw-r--r--src/libcharon/plugins/eap_radius/eap_radius_plugin.c2
-rw-r--r--src/libcharon/plugins/eap_sim/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_sim_file/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_sim_pcsc/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_simaka_reauth/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_simaka_sql/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_tls/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_tnc/Makefile.in1
-rw-r--r--src/libcharon/plugins/eap_ttls/Makefile.in1
-rw-r--r--src/libcharon/plugins/error_notify/Makefile.in1
-rw-r--r--src/libcharon/plugins/farp/Makefile.in1
-rw-r--r--src/libcharon/plugins/ha/Makefile.in1
-rw-r--r--src/libcharon/plugins/ipseckey/Makefile.in1
-rw-r--r--src/libcharon/plugins/led/Makefile.in1
-rw-r--r--src/libcharon/plugins/load_tester/Makefile.in1
-rw-r--r--src/libcharon/plugins/lookip/Makefile.in1
-rw-r--r--src/libcharon/plugins/maemo/Makefile.in1
-rw-r--r--src/libcharon/plugins/medcli/Makefile.in1
-rw-r--r--src/libcharon/plugins/medsrv/Makefile.in1
-rw-r--r--src/libcharon/plugins/radattr/Makefile.in1
-rw-r--r--src/libcharon/plugins/smp/Makefile.in1
-rw-r--r--src/libcharon/plugins/socket_default/Makefile.in1
-rw-r--r--src/libcharon/plugins/socket_dynamic/Makefile.in1
-rw-r--r--src/libcharon/plugins/sql/Makefile.in1
-rw-r--r--src/libcharon/plugins/stroke/Makefile.in1
-rw-r--r--src/libcharon/plugins/systime_fix/Makefile.in1
-rw-r--r--src/libcharon/plugins/tnc_ifmap/Makefile.in1
-rw-r--r--src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c13
-rw-r--r--src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c50
-rw-r--r--src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h12
-rw-r--r--src/libcharon/plugins/tnc_imc/Makefile.in1
-rw-r--r--src/libcharon/plugins/tnc_imv/Makefile.in1
-rw-r--r--src/libcharon/plugins/tnc_pdp/Makefile.in1
-rw-r--r--src/libcharon/plugins/tnc_tnccs/Makefile.in1
-rw-r--r--src/libcharon/plugins/tnccs_11/Makefile.in1
-rw-r--r--src/libcharon/plugins/tnccs_20/Makefile.in1
-rw-r--r--src/libcharon/plugins/tnccs_dynamic/Makefile.in1
-rw-r--r--src/libcharon/plugins/uci/Makefile.in1
-rw-r--r--src/libcharon/plugins/unit_tester/Makefile.in1
-rw-r--r--src/libcharon/plugins/unity/Makefile.in1
-rw-r--r--src/libcharon/plugins/unity/unity_handler.c3
-rw-r--r--src/libcharon/plugins/updown/Makefile.in1
-rw-r--r--src/libcharon/plugins/whitelist/Makefile.in1
-rw-r--r--src/libcharon/plugins/xauth_eap/Makefile.in1
-rw-r--r--src/libcharon/plugins/xauth_generic/Makefile.in1
-rw-r--r--src/libcharon/plugins/xauth_noauth/Makefile.in1
-rw-r--r--src/libcharon/plugins/xauth_pam/Makefile.in1
-rw-r--r--src/libcharon/sa/ike_sa.c8
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_config.c2
73 files changed, 240 insertions, 17 deletions
diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in
index e772528d1..f55db9379 100644
--- a/src/libcharon/Makefile.in
+++ b/src/libcharon/Makefile.in
@@ -698,6 +698,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c
index b5cdaaa89..0db5a8a9c 100644
--- a/src/libcharon/bus/bus.c
+++ b/src/libcharon/bus/bus.c
@@ -759,6 +759,33 @@ METHOD(bus_t, narrow, void,
this->mutex->unlock(this->mutex);
}
+METHOD(bus_t, assign_vips, void,
+ private_bus_t *this, ike_sa_t *ike_sa, bool assign)
+{
+ enumerator_t *enumerator;
+ entry_t *entry;
+ bool keep;
+
+ this->mutex->lock(this->mutex);
+ enumerator = this->listeners->create_enumerator(this->listeners);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->calling || !entry->listener->assign_vips)
+ {
+ continue;
+ }
+ entry->calling++;
+ keep = entry->listener->assign_vips(entry->listener, ike_sa, assign);
+ entry->calling--;
+ if (!keep)
+ {
+ unregister_listener(this, entry, enumerator);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->mutex->unlock(this->mutex);
+}
+
METHOD(bus_t, destroy, void,
private_bus_t *this)
{
@@ -807,6 +834,7 @@ bus_t *bus_create()
.child_rekey = _child_rekey,
.authorize = _authorize,
.narrow = _narrow,
+ .assign_vips = _assign_vips,
.destroy = _destroy,
},
.listeners = linked_list_create(),
diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index 18d57bce1..75244d6bf 100644
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -386,6 +386,14 @@ struct bus_t {
void (*child_rekey)(bus_t *this, child_sa_t *old, child_sa_t *new);
/**
+ * Virtual IP assignment hook.
+ *
+ * @param ike_sa IKE_SA the VIPs are assigned to
+ * @param assign TRUE if assigned to IKE_SA, FALSE if released
+ */
+ void (*assign_vips)(bus_t *this, ike_sa_t *ike_sa, bool assign);
+
+ /**
* Destroy the event bus.
*/
void (*destroy) (bus_t *this);
diff --git a/src/libcharon/bus/listeners/listener.h b/src/libcharon/bus/listeners/listener.h
index 782289302..ef4daced2 100644
--- a/src/libcharon/bus/listeners/listener.h
+++ b/src/libcharon/bus/listeners/listener.h
@@ -190,6 +190,19 @@ struct listener_t {
*/
bool (*narrow)(listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa,
narrow_hook_t type, linked_list_t *local, linked_list_t *remote);
+
+ /**
+ * Virtual IP address assignment hook
+ *
+ * This hook gets invoked when a a Virtual IP address is assigned to an
+ * IKE_SA (assign = TRUE) and again when it is released (assign = FALSE)
+ *
+ * @param ike_sa IKE_SA the VIPs are assigned to
+ * @param assign TRUE if assigned to IKE_SA, FALSE if released
+ * @return TRUE to stay registered, FALSE to unregister
+ */
+ bool (*assign_vips)(listener_t *this, ike_sa_t *ike_sa, bool assign);
+
};
#endif /** LISTENER_H_ @}*/
diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c
index 6b2c2bf5b..2ca721a85 100644
--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -148,6 +148,12 @@ struct private_receiver_t {
* Delay response messages?
*/
bool receive_delay_response;
+
+ /**
+ * Endpoint is allowed to act as an initiator only
+ */
+ bool initiator_only;
+
};
/**
@@ -541,7 +547,7 @@ static job_requeue_t receive_packets(private_receiver_t *this)
if (message->get_request(message) &&
message->get_exchange_type(message) == IKE_SA_INIT)
{
- if (drop_ike_sa_init(this, message))
+ if (this->initiator_only || drop_ike_sa_init(this, message))
{
message->destroy(message);
return JOB_REQUEUE_DIRECT;
@@ -552,7 +558,7 @@ static job_requeue_t receive_packets(private_receiver_t *this)
{
id = message->get_ike_sa_id(message);
if (id->get_responder_spi(id) == 0 &&
- drop_ike_sa_init(this, message))
+ (this->initiator_only || drop_ike_sa_init(this, message)))
{
message->destroy(message);
return JOB_REQUEUE_DIRECT;
@@ -650,6 +656,8 @@ receiver_t *receiver_create()
"%s.receive_delay_request", TRUE, charon->name),
this->receive_delay_response = lib->settings->get_bool(lib->settings,
"%s.receive_delay_response", TRUE, charon->name),
+ this->initiator_only = lib->settings->get_bool(lib->settings,
+ "%s.initiator_only", FALSE, charon->name),
this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_PREFERRED);
if (!this->hasher)
diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in
index 52cd6186e..7b2b19bcc 100644
--- a/src/libcharon/plugins/addrblock/Makefile.in
+++ b/src/libcharon/plugins/addrblock/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/android_dns/Makefile.in b/src/libcharon/plugins/android_dns/Makefile.in
index 4a76714d2..41f42ffec 100644
--- a/src/libcharon/plugins/android_dns/Makefile.in
+++ b/src/libcharon/plugins/android_dns/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/android_log/Makefile.in b/src/libcharon/plugins/android_log/Makefile.in
index 73459ac92..698935436 100644
--- a/src/libcharon/plugins/android_log/Makefile.in
+++ b/src/libcharon/plugins/android_log/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/certexpire/Makefile.in b/src/libcharon/plugins/certexpire/Makefile.in
index 6868c52a1..72e2ad601 100644
--- a/src/libcharon/plugins/certexpire/Makefile.in
+++ b/src/libcharon/plugins/certexpire/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/coupling/Makefile.in b/src/libcharon/plugins/coupling/Makefile.in
index e191dc6c7..886624123 100644
--- a/src/libcharon/plugins/coupling/Makefile.in
+++ b/src/libcharon/plugins/coupling/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in
index 717180379..504aa5f93 100644
--- a/src/libcharon/plugins/dhcp/Makefile.in
+++ b/src/libcharon/plugins/dhcp/Makefile.in
@@ -249,6 +249,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/duplicheck/Makefile.in b/src/libcharon/plugins/duplicheck/Makefile.in
index d1b5dfbe6..f4efc5f6e 100644
--- a/src/libcharon/plugins/duplicheck/Makefile.in
+++ b/src/libcharon/plugins/duplicheck/Makefile.in
@@ -259,6 +259,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in
index 4d162b4eb..99ec32471 100644
--- a/src/libcharon/plugins/eap_aka/Makefile.in
+++ b/src/libcharon/plugins/eap_aka/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
index 947b58f01..0ddc9915b 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
+++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
@@ -254,6 +254,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.in b/src/libcharon/plugins/eap_dynamic/Makefile.in
index 1789b28e9..0579c4989 100644
--- a/src/libcharon/plugins/eap_dynamic/Makefile.in
+++ b/src/libcharon/plugins/eap_dynamic/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in
index 5241a5c7d..95837fc3a 100644
--- a/src/libcharon/plugins/eap_gtc/Makefile.in
+++ b/src/libcharon/plugins/eap_gtc/Makefile.in
@@ -250,6 +250,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in
index e8d2e2b64..3eb99bb89 100644
--- a/src/libcharon/plugins/eap_identity/Makefile.in
+++ b/src/libcharon/plugins/eap_identity/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in
index 1a31f27f1..6dd09c55d 100644
--- a/src/libcharon/plugins/eap_md5/Makefile.in
+++ b/src/libcharon/plugins/eap_md5/Makefile.in
@@ -250,6 +250,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in
index 930f87013..97e03fde9 100644
--- a/src/libcharon/plugins/eap_mschapv2/Makefile.in
+++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/eap_peap/Makefile.in b/src/libcharon/plugins/eap_peap/Makefile.in
index c0411cb1e..ae8a289bf 100644
--- a/src/libcharon/plugins/eap_peap/Makefile.in
+++ b/src/libcharon/plugins/eap_peap/Makefile.in
@@ -253,6 +253,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in
index a686dde90..aa2cf3da5 100644
--- a/src/libcharon/plugins/eap_radius/Makefile.in
+++ b/src/libcharon/plugins/eap_radius/Makefile.in
@@ -254,6 +254,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c
index 59340df01..c9e1cdaad 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius.c
@@ -85,6 +85,11 @@ struct private_eap_radius_t {
* Handle the Filter-Id attribute as IPsec CHILD_SA name?
*/
bool filter_id;
+
+ /**
+ * Format string we use for Called/Calling-Station-Id for a host
+ */
+ char *station_id_fmt;
};
/**
@@ -200,10 +205,10 @@ static void add_radius_request_attrs(private_eap_radius_t *this,
default:
break;
}
- snprintf(buf, sizeof(buf), "%#H", host);
+ snprintf(buf, sizeof(buf), this->station_id_fmt, host);
request->add(request, RAT_CALLED_STATION_ID, chunk_from_str(buf));
host = ike_sa->get_other_host(ike_sa);
- snprintf(buf, sizeof(buf), "%#H", host);
+ snprintf(buf, sizeof(buf), this->station_id_fmt, host);
request->add(request, RAT_CALLING_STATION_ID, chunk_from_str(buf));
}
@@ -591,6 +596,15 @@ eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer
"%s.plugins.eap-radius.filter_id", FALSE,
charon->name),
);
+ if (lib->settings->get_bool(lib->settings,
+ "%s.plugins.eap-radius.station_id_with_port", TRUE, charon->name))
+ {
+ this->station_id_fmt = "%#H";
+ }
+ else
+ {
+ this->station_id_fmt = "%H";
+ }
this->client = eap_radius_create_client();
if (!this->client)
{
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
index ec78c8ef2..e9843470a 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c
@@ -51,6 +51,11 @@ struct private_eap_radius_accounting_t {
* Session ID prefix
*/
u_int32_t prefix;
+
+ /**
+ * Format string we use for Called/Calling-Station-Id for a host
+ */
+ char *station_id_fmt;
};
/**
@@ -195,7 +200,8 @@ static bool send_message(private_eap_radius_accounting_t *this,
/**
* Add common IKE_SA parameters to RADIUS account message
*/
-static void add_ike_sa_parameters(radius_message_t *message, ike_sa_t *ike_sa)
+static void add_ike_sa_parameters(private_eap_radius_accounting_t *this,
+ radius_message_t *message, ike_sa_t *ike_sa)
{
enumerator_t *enumerator;
host_t *vip, *host;
@@ -227,10 +233,10 @@ static void add_ike_sa_parameters(radius_message_t *message, ike_sa_t *ike_sa)
default:
break;
}
- snprintf(buf, sizeof(buf), "%#H", host);
+ snprintf(buf, sizeof(buf), this->station_id_fmt, host);
message->add(message, RAT_CALLED_STATION_ID, chunk_from_str(buf));
host = ike_sa->get_other_host(ike_sa);
- snprintf(buf, sizeof(buf), "%#H", host);
+ snprintf(buf, sizeof(buf), this->station_id_fmt, host);
message->add(message, RAT_CALLING_STATION_ID, chunk_from_str(buf));
snprintf(buf, sizeof(buf), "%Y", ike_sa->get_other_eap_id(ike_sa));
@@ -364,7 +370,7 @@ static job_requeue_t send_interim(interim_data_t *data)
message->add(message, RAT_ACCT_STATUS_TYPE, chunk_from_thing(value));
message->add(message, RAT_ACCT_SESSION_ID,
chunk_create(entry->sid, strlen(entry->sid)));
- add_ike_sa_parameters(message, ike_sa);
+ add_ike_sa_parameters(this, message, ike_sa);
value = htonl(bytes_out);
message->add(message, RAT_ACCT_OUTPUT_OCTETS, chunk_from_thing(value));
@@ -454,7 +460,7 @@ static void send_start(private_eap_radius_accounting_t *this, ike_sa_t *ike_sa)
schedule_interim(this, entry);
this->mutex->unlock(this->mutex);
- add_ike_sa_parameters(message, ike_sa);
+ add_ike_sa_parameters(this, message, ike_sa);
if (!send_message(this, message))
{
eap_radius_handle_timeout(ike_sa->get_id(ike_sa));
@@ -486,7 +492,7 @@ static void send_stop(private_eap_radius_accounting_t *this, ike_sa_t *ike_sa)
message->add(message, RAT_ACCT_STATUS_TYPE, chunk_from_thing(value));
message->add(message, RAT_ACCT_SESSION_ID,
chunk_create(entry->sid, strlen(entry->sid)));
- add_ike_sa_parameters(message, ike_sa);
+ add_ike_sa_parameters(this, message, ike_sa);
value = htonl(entry->bytes.sent);
message->add(message, RAT_ACCT_OUTPUT_OCTETS, chunk_from_thing(value));
@@ -679,7 +685,15 @@ eap_radius_accounting_t *eap_radius_accounting_create()
(hashtable_equals_t)equals, 32),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
);
-
+ if (lib->settings->get_bool(lib->settings,
+ "%s.plugins.eap-radius.station_id_with_port", TRUE, charon->name))
+ {
+ this->station_id_fmt = "%#H";
+ }
+ else
+ {
+ this->station_id_fmt = "%H";
+ }
if (lib->settings->get_bool(lib->settings,
"%s.plugins.eap-radius.accounting", FALSE, charon->name))
{
diff --git a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
index 3baf46731..e186cb0fe 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
@@ -105,7 +105,7 @@ static void load_configs(private_eap_radius_plugin_t *this)
"%s.plugins.eap-radius.secret", NULL, charon->name);
if (!secret)
{
- DBG1(DBG_CFG, "no RADUIS secret defined");
+ DBG1(DBG_CFG, "no RADIUS secret defined");
return;
}
nas_identifier = lib->settings->get_str(lib->settings,
diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in
index e4657bb64..9c183bc29 100644
--- a/src/libcharon/plugins/eap_sim/Makefile.in
+++ b/src/libcharon/plugins/eap_sim/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in
index 5816de4ef..f0eaf8766 100644
--- a/src/libcharon/plugins/eap_sim_file/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_file/Makefile.in
@@ -254,6 +254,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
index 2876af72f..18cce4e2c 100644
--- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
@@ -255,6 +255,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
index 6f2467fad..bc0c77f43 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
@@ -255,6 +255,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
index 366c554d7..b01e4b973 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
@@ -254,6 +254,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
index 0b63da04e..1937428ec 100644
--- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
@@ -253,6 +253,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in
index bc7157e6b..5c2a94ae0 100644
--- a/src/libcharon/plugins/eap_tls/Makefile.in
+++ b/src/libcharon/plugins/eap_tls/Makefile.in
@@ -251,6 +251,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in
index 30a858102..a687e8b3d 100644
--- a/src/libcharon/plugins/eap_tnc/Makefile.in
+++ b/src/libcharon/plugins/eap_tnc/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in
index df5bc442e..2a4fd35fe 100644
--- a/src/libcharon/plugins/eap_ttls/Makefile.in
+++ b/src/libcharon/plugins/eap_ttls/Makefile.in
@@ -254,6 +254,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/error_notify/Makefile.in b/src/libcharon/plugins/error_notify/Makefile.in
index ba7ec3ecf..b06fdf430 100644
--- a/src/libcharon/plugins/error_notify/Makefile.in
+++ b/src/libcharon/plugins/error_notify/Makefile.in
@@ -260,6 +260,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in
index 2596f9f20..5dbc49939 100644
--- a/src/libcharon/plugins/farp/Makefile.in
+++ b/src/libcharon/plugins/farp/Makefile.in
@@ -249,6 +249,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in
index 466cce320..ae99e143f 100644
--- a/src/libcharon/plugins/ha/Makefile.in
+++ b/src/libcharon/plugins/ha/Makefile.in
@@ -251,6 +251,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/ipseckey/Makefile.in b/src/libcharon/plugins/ipseckey/Makefile.in
index fd50854fc..f204b7236 100644
--- a/src/libcharon/plugins/ipseckey/Makefile.in
+++ b/src/libcharon/plugins/ipseckey/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in
index f10dbb96f..5296fc0f2 100644
--- a/src/libcharon/plugins/led/Makefile.in
+++ b/src/libcharon/plugins/led/Makefile.in
@@ -248,6 +248,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in
index e382b266c..189116bb5 100644
--- a/src/libcharon/plugins/load_tester/Makefile.in
+++ b/src/libcharon/plugins/load_tester/Makefile.in
@@ -262,6 +262,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/lookip/Makefile.in b/src/libcharon/plugins/lookip/Makefile.in
index 3b7d3247c..24eb31feb 100644
--- a/src/libcharon/plugins/lookip/Makefile.in
+++ b/src/libcharon/plugins/lookip/Makefile.in
@@ -257,6 +257,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/maemo/Makefile.in b/src/libcharon/plugins/maemo/Makefile.in
index 2e511a0a8..c907e9e2d 100644
--- a/src/libcharon/plugins/maemo/Makefile.in
+++ b/src/libcharon/plugins/maemo/Makefile.in
@@ -253,6 +253,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in
index af003c463..283b0401f 100644
--- a/src/libcharon/plugins/medcli/Makefile.in
+++ b/src/libcharon/plugins/medcli/Makefile.in
@@ -251,6 +251,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in
index f679b11f1..770cd8ce0 100644
--- a/src/libcharon/plugins/medsrv/Makefile.in
+++ b/src/libcharon/plugins/medsrv/Makefile.in
@@ -251,6 +251,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/radattr/Makefile.in b/src/libcharon/plugins/radattr/Makefile.in
index 84faa1db6..e3b359174 100644
--- a/src/libcharon/plugins/radattr/Makefile.in
+++ b/src/libcharon/plugins/radattr/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in
index 72f7deead..0edca4959 100644
--- a/src/libcharon/plugins/smp/Makefile.in
+++ b/src/libcharon/plugins/smp/Makefile.in
@@ -249,6 +249,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in
index e73d2003a..2e04d6627 100644
--- a/src/libcharon/plugins/socket_default/Makefile.in
+++ b/src/libcharon/plugins/socket_default/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in
index 855c307a8..a12e4a893 100644
--- a/src/libcharon/plugins/socket_dynamic/Makefile.in
+++ b/src/libcharon/plugins/socket_dynamic/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in
index 95fe34802..96f83b4d1 100644
--- a/src/libcharon/plugins/sql/Makefile.in
+++ b/src/libcharon/plugins/sql/Makefile.in
@@ -249,6 +249,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in
index 77497e2b9..7d1100c08 100644
--- a/src/libcharon/plugins/stroke/Makefile.in
+++ b/src/libcharon/plugins/stroke/Makefile.in
@@ -253,6 +253,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in
index 56dc0b366..ab4d1b9ad 100644
--- a/src/libcharon/plugins/systime_fix/Makefile.in
+++ b/src/libcharon/plugins/systime_fix/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.in b/src/libcharon/plugins/tnc_ifmap/Makefile.in
index 96912c618..ed3775e9d 100644
--- a/src/libcharon/plugins/tnc_ifmap/Makefile.in
+++ b/src/libcharon/plugins/tnc_ifmap/Makefile.in
@@ -255,6 +255,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
index 4b2538e34..4ad19c530 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
@@ -71,8 +71,8 @@ static bool publish_device_ip_addresses(private_tnc_ifmap_listener_t *this)
*/
static bool reload_metadata(private_tnc_ifmap_listener_t *this)
{
- enumerator_t *enumerator;
ike_sa_t *ike_sa;
+ enumerator_t *enumerator;
bool success = TRUE;
enumerator = charon->controller->create_ike_sa_enumerator(
@@ -83,7 +83,8 @@ static bool reload_metadata(private_tnc_ifmap_listener_t *this)
{
continue;
}
- if (!this->ifmap->publish_ike_sa(this->ifmap, ike_sa, TRUE))
+ if (!this->ifmap->publish_ike_sa(this->ifmap, ike_sa, TRUE) ||
+ !this->ifmap->publish_virtual_ips(this->ifmap, ike_sa, TRUE))
{
success = FALSE;
break;
@@ -104,6 +105,13 @@ METHOD(listener_t, ike_updown, bool,
return TRUE;
}
+METHOD(listener_t, assign_vips, bool,
+ private_tnc_ifmap_listener_t *this, ike_sa_t *ike_sa, bool assign)
+{
+ this->ifmap->publish_virtual_ips(this->ifmap, ike_sa, assign);
+ return TRUE;
+}
+
METHOD(listener_t, alert, bool,
private_tnc_ifmap_listener_t *this, ike_sa_t *ike_sa, alert_t alert,
va_list args)
@@ -144,6 +152,7 @@ tnc_ifmap_listener_t *tnc_ifmap_listener_create(bool reload)
.public = {
.listener = {
.ike_updown = _ike_updown,
+ .assign_vips = _assign_vips,
.alert = _alert,
},
.destroy = _destroy,
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
index 8d5da5812..df7d2e2a1 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
@@ -579,6 +579,55 @@ METHOD(tnc_ifmap_soap_t, publish_device_ip, bool,
return success;
}
+METHOD(tnc_ifmap_soap_t, publish_virtual_ips, bool,
+ private_tnc_ifmap_soap_t *this, ike_sa_t *ike_sa, bool assign)
+{
+ tnc_ifmap_soap_msg_t *soap_msg;
+ xmlNodePtr request, node;
+ u_int32_t ike_sa_id;
+ enumerator_t *enumerator;
+ host_t *vip;
+ bool success;
+
+ /* extract relevant data from IKE_SA*/
+ ike_sa_id = ike_sa->get_unique_id(ike_sa);
+
+ /* build publish request */
+ request = create_publish_request(this);
+
+ enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, FALSE);
+ while (enumerator->enumerate(enumerator, &vip))
+ {
+ /**
+ * update or delete access-request-ip metadata for a virtual IP address
+ */
+ if (assign)
+ {
+ node = xmlNewNode(NULL, "update");
+ }
+ else
+ {
+ node = create_delete_filter(this, "access-request-ip");
+ }
+ xmlAddChild(request, node);
+
+ /* add access-request, virtual ip-address and [if assign] metadata */
+ xmlAddChild(node, create_access_request(this, ike_sa_id));
+ xmlAddChild(node, create_ip_address(this, vip));
+ if (assign)
+ {
+ xmlAddChild(node, create_metadata(this, "access-request-ip"));
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ soap_msg = tnc_ifmap_soap_msg_create(this->uri, this->user_pass, this->tls);
+ success = soap_msg->post(soap_msg, request, "publishReceived", NULL);
+ soap_msg->destroy(soap_msg);
+
+ return success;
+}
+
METHOD(tnc_ifmap_soap_t, publish_enforcement_report, bool,
private_tnc_ifmap_soap_t *this, host_t *host, char *action, char *reason)
{
@@ -851,6 +900,7 @@ tnc_ifmap_soap_t *tnc_ifmap_soap_create()
.purgePublisher = _purgePublisher,
.publish_ike_sa = _publish_ike_sa,
.publish_device_ip = _publish_device_ip,
+ .publish_virtual_ips = _publish_virtual_ips,
.publish_enforcement_report = _publish_enforcement_report,
.endSession = _endSession,
.get_session_id = _get_session_id,
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h
index 4a0434a54..fbc65a2b1 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h
@@ -56,7 +56,7 @@ struct tnc_ifmap_soap_t {
/**
* Publish metadata about established/deleted IKE_SAs
*
- * @param ike_sa IKE_SA for which metadate is published
+ * @param ike_sa IKE_SA for which metadata is published
* @param up TRUE if IKE_SEA is up, FALSE if down
* @return TRUE if command was successful
*/
@@ -71,6 +71,16 @@ struct tnc_ifmap_soap_t {
bool (*publish_device_ip)(tnc_ifmap_soap_t *this, host_t *host);
/**
+ * Publish Virtual IP access-request-ip metadata
+ *
+ * @param ike_sa IKE_SA for which Virtual IP metadata is published
+ * @param assign TRUE if assigned, FALSE if removed
+ * @return TRUE if command was successful
+ */
+ bool (*publish_virtual_ips)(tnc_ifmap_soap_t *this, ike_sa_t *ike_sa,
+ bool assign);
+
+ /**
* Publish enforcement-report metadata
*
* @param host Host to be enforced
diff --git a/src/libcharon/plugins/tnc_imc/Makefile.in b/src/libcharon/plugins/tnc_imc/Makefile.in
index 4e0a18310..7fb2e563c 100644
--- a/src/libcharon/plugins/tnc_imc/Makefile.in
+++ b/src/libcharon/plugins/tnc_imc/Makefile.in
@@ -253,6 +253,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/tnc_imv/Makefile.in b/src/libcharon/plugins/tnc_imv/Makefile.in
index 37964757f..8b175a993 100644
--- a/src/libcharon/plugins/tnc_imv/Makefile.in
+++ b/src/libcharon/plugins/tnc_imv/Makefile.in
@@ -254,6 +254,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.in b/src/libcharon/plugins/tnc_pdp/Makefile.in
index 0db60a288..87e6ed928 100644
--- a/src/libcharon/plugins/tnc_pdp/Makefile.in
+++ b/src/libcharon/plugins/tnc_pdp/Makefile.in
@@ -254,6 +254,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/tnc_tnccs/Makefile.in b/src/libcharon/plugins/tnc_tnccs/Makefile.in
index 7ca6df3c8..4179dcaae 100644
--- a/src/libcharon/plugins/tnc_tnccs/Makefile.in
+++ b/src/libcharon/plugins/tnc_tnccs/Makefile.in
@@ -254,6 +254,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/tnccs_11/Makefile.in b/src/libcharon/plugins/tnccs_11/Makefile.in
index c74704f2d..19538feb0 100644
--- a/src/libcharon/plugins/tnccs_11/Makefile.in
+++ b/src/libcharon/plugins/tnccs_11/Makefile.in
@@ -260,6 +260,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/tnccs_20/Makefile.in b/src/libcharon/plugins/tnccs_20/Makefile.in
index f0cb9fa54..3c9a34a2f 100644
--- a/src/libcharon/plugins/tnccs_20/Makefile.in
+++ b/src/libcharon/plugins/tnccs_20/Makefile.in
@@ -258,6 +258,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/tnccs_dynamic/Makefile.in b/src/libcharon/plugins/tnccs_dynamic/Makefile.in
index 5f375516b..820870dd7 100644
--- a/src/libcharon/plugins/tnccs_dynamic/Makefile.in
+++ b/src/libcharon/plugins/tnccs_dynamic/Makefile.in
@@ -254,6 +254,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in
index b8e03e0a8..6c5be9830 100644
--- a/src/libcharon/plugins/uci/Makefile.in
+++ b/src/libcharon/plugins/uci/Makefile.in
@@ -249,6 +249,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/unit_tester/Makefile.in b/src/libcharon/plugins/unit_tester/Makefile.in
index 175cece27..8b5b98db5 100644
--- a/src/libcharon/plugins/unit_tester/Makefile.in
+++ b/src/libcharon/plugins/unit_tester/Makefile.in
@@ -255,6 +255,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/unity/Makefile.in b/src/libcharon/plugins/unity/Makefile.in
index 4a9a81847..85c5fc97e 100644
--- a/src/libcharon/plugins/unity/Makefile.in
+++ b/src/libcharon/plugins/unity/Makefile.in
@@ -250,6 +250,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/unity/unity_handler.c b/src/libcharon/plugins/unity/unity_handler.c
index 9d145b93f..3dec7a3b6 100644
--- a/src/libcharon/plugins/unity/unity_handler.c
+++ b/src/libcharon/plugins/unity/unity_handler.c
@@ -190,8 +190,6 @@ static job_requeue_t add_exclude_async(entry_t *entry)
child_cfg->add_traffic_selector(child_cfg, TRUE,
traffic_selector_create_from_subnet(host->clone(host),
32, 0, 0, 65535));
- charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
-
enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, TRUE);
while (enumerator->enumerate(enumerator, &host))
{
@@ -200,6 +198,7 @@ static job_requeue_t add_exclude_async(entry_t *entry)
32, 0, 0, 65535));
}
enumerator->destroy(enumerator);
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
charon->shunts->install(charon->shunts, child_cfg);
child_cfg->destroy(child_cfg);
diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in
index 25505db0b..f40eab065 100644
--- a/src/libcharon/plugins/updown/Makefile.in
+++ b/src/libcharon/plugins/updown/Makefile.in
@@ -251,6 +251,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/whitelist/Makefile.in b/src/libcharon/plugins/whitelist/Makefile.in
index ca3c027ae..7c6f8cd06 100644
--- a/src/libcharon/plugins/whitelist/Makefile.in
+++ b/src/libcharon/plugins/whitelist/Makefile.in
@@ -259,6 +259,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/xauth_eap/Makefile.in b/src/libcharon/plugins/xauth_eap/Makefile.in
index 0a74b2926..aecc871f4 100644
--- a/src/libcharon/plugins/xauth_eap/Makefile.in
+++ b/src/libcharon/plugins/xauth_eap/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/xauth_generic/Makefile.in b/src/libcharon/plugins/xauth_generic/Makefile.in
index 7348ab8de..a7088a2d0 100644
--- a/src/libcharon/plugins/xauth_generic/Makefile.in
+++ b/src/libcharon/plugins/xauth_generic/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.in b/src/libcharon/plugins/xauth_noauth/Makefile.in
index c8f7a6a33..358875197 100644
--- a/src/libcharon/plugins/xauth_noauth/Makefile.in
+++ b/src/libcharon/plugins/xauth_noauth/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/plugins/xauth_pam/Makefile.in b/src/libcharon/plugins/xauth_pam/Makefile.in
index 0538a028f..34ebb37b9 100644
--- a/src/libcharon/plugins/xauth_pam/Makefile.in
+++ b/src/libcharon/plugins/xauth_pam/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
h_plugins = @h_plugins@
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 8c4dabd81..63c04d9c0 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -776,6 +776,10 @@ METHOD(ike_sa_t, clear_virtual_ips, void,
linked_list_t *vips = local ? this->my_vips : this->other_vips;
host_t *vip;
+ if (!local && vips->get_count(vips))
+ {
+ charon->bus->assign_vips(charon->bus, &this->public, FALSE);
+ }
while (vips->remove_first(vips, (void**)&vip) == SUCCESS)
{
if (local)
@@ -2105,6 +2109,10 @@ METHOD(ike_sa_t, destroy, void,
vip->destroy(vip);
}
this->my_vips->destroy(this->my_vips);
+ if (this->other_vips->get_count(this->other_vips))
+ {
+ charon->bus->assign_vips(charon->bus, &this->public, FALSE);
+ }
while (this->other_vips->remove_last(this->other_vips,
(void**)&vip) == SUCCESS)
{
diff --git a/src/libcharon/sa/ikev2/tasks/ike_config.c b/src/libcharon/sa/ikev2/tasks/ike_config.c
index d637c26fe..17132feee 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_config.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_config.c
@@ -387,6 +387,8 @@ METHOD(task_t, build_r, status_t,
pools->destroy(pools);
return SUCCESS;
}
+ charon->bus->assign_vips(charon->bus, this->ike_sa, TRUE);
+
if (pools->get_count(pools) && !this->vips->get_count(this->vips))
{
DBG1(DBG_IKE, "expected a virtual IP request, sending %N",