/*
 * Copyright (C) 2005-2009 Martin Willi
 * Copyright (C) 2005 Jan Hutter
 * Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */
16
17 #include "xauth_authenticator.h"
18
19 #include <daemon.h>
20 #include <encoding/payloads/cp_payload.h>
21 #include <sa/keymat_v2.h>
22
typedef struct private_xauth_authenticator_t private_xauth_authenticator_t;

/**
 * Private data of an xauth_authenticator_t object.
 */
struct private_xauth_authenticator_t {

	/**
	 * Public authenticator_t interface.
	 */
	xauth_authenticator_t public;

	/**
	 * Assigned IKE_SA, used to look up the local/remote identities and the
	 * auth config when an XAuth method is loaded.
	 */
	ike_sa_t *ike_sa;

	/**
	 * The configuration payload to send in the next build(), or NULL if
	 * nothing is pending. Set by process() when the XAuth method returns
	 * NEED_MORE.
	 */
	cp_payload_t *cp_payload;

	/**
	 * Whether the authenticator is for an XAUTH server or client
	 * (XAUTH_SERVER for the verifier, XAUTH_PEER for the builder).
	 */
	xauth_role_t role;
};
50
/**
 * Load an XAuth method of the given type and vendor for this authenticator.
 *
 * The server and peer identities are taken from the IKE_SA according to
 * our role. If the relevant auth config carries an AUTH_RULE_AAA_IDENTITY
 * rule, that identity replaces the server identity.
 *
 * @param type		XAuth method type to instantiate
 * @param vendor	vendor id of the method, 0 for IANA types
 * @return			method instance from the xauth manager (NULL if none
 *					could be created, presumably — confirm with the manager)
 */
static xauth_method_t *load_method(private_xauth_authenticator_t *this,
								   xauth_type_t type, u_int32_t vendor)
{
	ike_sa_t *ike_sa = this->ike_sa;
	bool is_server = (this->role == XAUTH_SERVER);
	identification_t *server, *peer, *aaa;
	auth_cfg_t *auth;

	/* as server "we" are the server side and the local auth config applies,
	 * as peer it is the other way round */
	server = is_server ? ike_sa->get_my_id(ike_sa) : ike_sa->get_other_id(ike_sa);
	peer = is_server ? ike_sa->get_other_id(ike_sa) : ike_sa->get_my_id(ike_sa);
	auth = ike_sa->get_auth_cfg(ike_sa, is_server ? FALSE : TRUE);

	/* an explicitly configured AAA identity overrides the server identity */
	aaa = auth->get(auth, AUTH_RULE_AAA_IDENTITY);
	if (aaa)
	{
		server = aaa;
	}
	return charon->xauth->create_instance(charon->xauth, type, vendor,
										  this->role, server, peer);
}
80
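/**
 * Hand the pending configuration payload, if any, to the outgoing message.
 *
 * @param message	message to add the payload to
 * @return			NEED_MORE if a payload was added, SUCCESS otherwise
 */
METHOD(authenticator_t, build, status_t,
	private_xauth_authenticator_t *this, message_t *message)
{
	cp_payload_t *cp = this->cp_payload;

	if (cp == NULL)
	{
		return SUCCESS;
	}
	/* drop our reference before handing the payload over, so that a repeated
	 * build() before the next process() can not add the same payload twice */
	this->cp_payload = NULL;
	message->add_payload(message, (payload_t *)cp);
	return NEED_MORE;
}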
91
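/**
 * Process a received message with an XAuth method.
 *
 * Loads a fresh XAUTH_NULL method (the type is hardcoded here, it is not
 * taken from configuration), feeds it the CONFIGURATION_V1 payload of the
 * message and keeps whatever payload it wants sent back for the next build().
 *
 * @param message	received message
 * @return			status reported by the XAuth method, FAILED if no
 *					method could be loaded
 */
METHOD(authenticator_t, process, status_t,
	private_xauth_authenticator_t *this, message_t *message)
{
	xauth_method_t *xauth_method;
	cp_payload_t *cp_in, *cp_out = NULL;
	status_t status;

	/* NOTE(review): NULL if the message carries no configuration payload;
	 * not checked here, confirm the method copes with that */
	cp_in = (cp_payload_t *)message->get_payload(message, CONFIGURATION_V1);

	xauth_method = load_method(this, XAUTH_NULL, 0);
	if (xauth_method == NULL)
	{
		DBG1(DBG_IKE, "Couldn't locate valid xauth method.");
		return FAILED;
	}

	status = xauth_method->process(xauth_method, cp_in, &cp_out);
	if (status == NEED_MORE)
	{
		/* cp_out starts out NULL, so a method that returns NEED_MORE without
		 * producing a payload leaves nothing to send.
		 * TODO(review): the method object is not stored anywhere and is thus
		 * never destroyed on this path; keep it in the authenticator (and
		 * release it in destroy()) once state must survive across rounds. */
		this->cp_payload = cp_out;
	}
	else
	{
		xauth_method->destroy(xauth_method);
	}
	return status;
}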
122
/**
 * Release the authenticator object itself.
 *
 * NOTE(review): a cp_payload set by process() but not yet handed to a
 * message by build() is not released here — confirm whether the payload is
 * still owned by the authenticator at that point.
 */
METHOD(authenticator_t, destroy, void,
	private_xauth_authenticator_t *this)
{
	free(this);
}
128
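/**
 * Create an authenticator acting in the given XAuth role. Shared by the
 * builder and verifier constructors, which differ only in the role.
 *
 * @param ike_sa	IKE_SA the authenticator is assigned to
 * @param role		XAUTH_PEER or XAUTH_SERVER
 * @return			public interface of the new authenticator
 */
static xauth_authenticator_t *create_authenticator(ike_sa_t *ike_sa,
												   xauth_role_t role)
{
	private_xauth_authenticator_t *this;

	INIT(this,
		.public = {
			.authenticator = {
				.build = _build,
				.process = _process,
				/* is_mutual() always reports FALSE for this authenticator */
				.is_mutual = (void*)return_false,
				.destroy = _destroy,
			},
		},
		.ike_sa = ike_sa,
		.cp_payload = NULL,
		.role = role,
	);

	return &this->public;
}

/*
 * Described in header.
 */
xauth_authenticator_t *xauth_authenticator_create_builder(ike_sa_t *ike_sa)
{
	/* the builder acts as the XAuth peer (client) side */
	return create_authenticator(ike_sa, XAUTH_PEER);
}

/*
 * Described in header.
 */
xauth_authenticator_t *xauth_authenticator_create_verifier(ike_sa_t *ike_sa)
{
	/* the verifier acts as the XAuth server side */
	return create_authenticator(ike_sa, XAUTH_SERVER);
}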