summaryrefslogtreecommitdiff
path: root/src/starter/starterstroke.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/starter/starterstroke.c')
-rw-r--r--src/starter/starterstroke.c42
1 files changed, 28 insertions, 14 deletions
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index 7272b2530..ae04c20dd 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -24,6 +24,8 @@
#include <netinet/in.h>
#include <arpa/inet.h>
+#include <credentials/auth_cfg.h>
+
#include <freeswan.h>
#include <constants.h>
@@ -39,15 +41,6 @@
#define IPV4_LEN 4
#define IPV6_LEN 16
-/**
- * Authentication methods, must be the same as in charons authenticator.h
- */
-enum auth_method_t {
- AUTH_PUBKEY = 1,
- AUTH_PSK = 2,
- AUTH_EAP = 3
-};
-
static char* push_string(stroke_msg_t *msg, char *string)
{
unsigned long string_start = msg->length;
@@ -169,6 +162,7 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta
msg_end->auth2 = push_string(msg, conn_end->auth2);
msg_end->id = push_string(msg, conn_end->id);
msg_end->id2 = push_string(msg, conn_end->id2);
+ msg_end->rsakey = push_string(msg, conn_end->rsakey);
msg_end->cert = push_string(msg, conn_end->cert);
msg_end->cert2 = push_string(msg, conn_end->cert2);
msg_end->cert_policy = push_string(msg, conn_end->cert_policy);
@@ -176,8 +170,15 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta
msg_end->ca2 = push_string(msg, conn_end->ca2);
msg_end->groups = push_string(msg, conn_end->groups);
msg_end->updown = push_string(msg, conn_end->updown);
- ip_address2string(&conn_end->addr, buffer, sizeof(buffer));
- msg_end->address = push_string(msg, buffer);
+ if (conn_end->host)
+ {
+ msg_end->address = push_string(msg, conn_end->host);
+ }
+ else
+ {
+ ip_address2string(&conn_end->addr, buffer, sizeof(buffer));
+ msg_end->address = push_string(msg, buffer);
+ }
msg_end->ikeport = conn_end->ikeport;
msg_end->subnets = push_string(msg, conn_end->subnet);
msg_end->sourceip = push_string(msg, conn_end->sourceip);
@@ -202,15 +203,19 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
/* PUBKEY is preferred to PSK and EAP */
if (conn->policy & POLICY_PUBKEY)
{
- msg.add_conn.auth_method = AUTH_PUBKEY;
+ msg.add_conn.auth_method = AUTH_CLASS_PUBKEY;
}
else if (conn->policy & POLICY_PSK)
{
- msg.add_conn.auth_method = AUTH_PSK;
+ msg.add_conn.auth_method = AUTH_CLASS_PSK;
+ }
+ else if (conn->policy & POLICY_XAUTH_PSK)
+ {
+ msg.add_conn.auth_method = AUTH_CLASS_EAP;
}
else
{
- msg.add_conn.auth_method = AUTH_EAP;
+ msg.add_conn.auth_method = AUTH_CLASS_ANY;
}
msg.add_conn.eap_type = conn->eap_type;
msg.add_conn.eap_vendor = conn->eap_vendor;
@@ -230,6 +235,14 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
msg.add_conn.mode = MODE_TRANSPORT;
msg.add_conn.proxy_mode = TRUE;
}
+ else if (conn->policy & POLICY_SHUNT_PASS)
+ {
+ msg.add_conn.mode = MODE_PASS;
+ }
+ else if (conn->policy & (POLICY_SHUNT_DROP | POLICY_SHUNT_REJECT))
+ {
+ msg.add_conn.mode = MODE_DROP;
+ }
else
{
msg.add_conn.mode = MODE_TRANSPORT;
@@ -258,6 +271,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
msg.add_conn.algorithms.esp = push_string(&msg, conn->esp);
msg.add_conn.dpd.delay = conn->dpd_delay;
msg.add_conn.dpd.action = conn->dpd_action;
+ msg.add_conn.close_action = conn->close_action;
msg.add_conn.inactivity = conn->inactivity;
msg.add_conn.ikeme.mediation = conn->me_mediation;
msg.add_conn.ikeme.mediated_by = push_string(&msg, conn->me_mediated_by);