Diffstat (limited to 'src/pluto/kernel.c')
-rw-r--r-- | src/pluto/kernel.c | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/src/pluto/kernel.c b/src/pluto/kernel.c
index ee22fb55e..dd7ed8893 100644
--- a/src/pluto/kernel.c
+++ b/src/pluto/kernel.c
@@ -464,9 +464,11 @@ static bool do_command(connection_t *c, struct spd_route *sr,
 		peerclientnet_str[ADDRTOT_BUF],
 		peerclientmask_str[ADDRTOT_BUF],
 		peerca_str[BUF_LEN],
+		xauth_id_str[BUF_LEN] = "",
 		secure_myid_str[BUF_LEN] = "",
 		secure_peerid_str[BUF_LEN] = "",
-		secure_peerca_str[BUF_LEN] = "";
+		secure_peerca_str[BUF_LEN] = "",
+		secure_xauth_id_str[BUF_LEN] = "";
 	ip_address ta;
 	pubkey_list_t *p;
 
@@ -483,16 +485,14 @@ static bool do_command(connection_t *c, struct spd_route *sr,
 		strncat(nexthop_str, "' ", sizeof(nexthop_str));
 	}
 
-	if (addrbytesptr(&sr->this.host_srcip, NULL)
-	&& !isanyaddr(&sr->this.host_srcip))
+	if (!sr->this.host_srcip->is_anyaddr(sr->this.host_srcip))
 	{
 		char *n;
 
 		strcpy(srcip_str, "PLUTO_MY_SOURCEIP='");
 		n = srcip_str + strlen(srcip_str);
-
-		addrtot(&sr->this.host_srcip, 0
-			,n , sizeof(srcip_str)-strlen(srcip_str));
+		snprintf(n, sizeof(srcip_str)-strlen(srcip_str), "%H",
+				 sr->this.host_srcip);
 		strncat(srcip_str, "' ", sizeof(srcip_str));
 	}
 
@@ -505,6 +505,16 @@ static bool do_command(connection_t *c, struct spd_route *sr,
 	maskof(&sr->this.client, &ta);
 	addrtot(&ta, 0, myclientmask_str, sizeof(myclientmask_str));
 
+	if (c->xauth_identity &&
+		c->xauth_identity->get_type(c->xauth_identity) != ID_ANY)
+	{
+		snprintf(xauth_id_str, sizeof(xauth_id_str), "%Y", c->xauth_identity);
+		escape_metachar(xauth_id_str, secure_xauth_id_str,
+						sizeof(secure_xauth_id_str));
+		snprintf(xauth_id_str, sizeof(xauth_id_str), "PLUTO_XAUTH_ID='%s' ",
+				 secure_xauth_id_str);
+	}
+
 	addrtot(&sr->that.host_addr, 0, peer_str, sizeof(peer_str));
 	snprintf(peerid_str, sizeof(peerid_str), "%Y", sr->that.id);
 	escape_metachar(peerid_str, secure_peerid_str, sizeof(secure_peerid_str));
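Review bot: In the new PLUTO_XAUTH_ID block the second snprintf into xauth_id_str discards its return value, so an escaped identity that no longer fits in BUF_LEN is cut off silently; since the escaped form produced by escape_metachar can be longer than its input (both buffers are BUF_LEN), truncation can land inside an escape sequence or drop the closing `' `, and because the text is spliced into the updown command line that changes how the shell parses it, while the later "command too long" check only covers the final buffer. The identity is a value received from the peer, so it should be treated as untrusted input and the command refused on truncation rather than emitted shortened, e.g. `if (snprintf(xauth_id_str, sizeof(xauth_id_str), "PLUTO_XAUTH_ID='%s' ", secure_xauth_id_str) >= (int)sizeof(xauth_id_str))` followed by a loglog of the same shape as the existing "command too long" message and the function's failure return (do_command begins and ends outside these hunks, so confirm its return convention there). The snprintf added in the PLUTO_MY_SOURCEIP hunk likewise ignores its return value; that case is less exposed since the formatted value is an address, but the same check would make the two sites consistent. Note that the pre-existing peerid_str/secure_peerid_str code this block mirrors has the same unchecked pattern.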
@@ -562,6 +572,7 @@ static bool do_command(connection_t *c, struct spd_route *sr,
 		"PLUTO_PEER_PROTOCOL='%u' "
 		"PLUTO_PEER_CA='%s' "
 		"%s" /* optional PLUTO_MY_SRCIP */
+		"%s" /* optional PLUTO_XAUTH_ID */
 		"%s" /* actual script */
 		, verb, verb_suffix
 		, c->name
@@ -585,6 +596,7 @@ static bool do_command(connection_t *c, struct spd_route *sr,
 		, sr->that.protocol
 		, secure_peerca_str
 		, srcip_str
+		, xauth_id_str
 		, sr->this.updown == NULL? DEFAULT_UPDOWN : sr->this.updown))
 	{
 		loglog(RC_LOG_SERIOUS, "%s%s command too long!", verb, verb_suffix);
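Review bot: The added `"%s" /* optional PLUTO_XAUTH_ID */` placeholder and the `, xauth_id_str` argument in the following hunk are tied together only by position in two lists that sit roughly thirty lines apart, and nothing at the format string says what the argument must look like for the resulting command to be safe. A short contract comment at the placeholder would help the next person who inserts a variable here, e.g. `"%s" /* optional PLUTO_XAUTH_ID: empty, or already passed through escape_metachar() */`. Whether the surrounding call is snprintf or a project wrapper cannot be seen from these hunks, so the existing length check is assumed to cover the whole formatted command.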