charon-cmd: authenticate with EAP if no private key is given
[strongswan.git] / src / charon-cmd / cmd / cmd_connection.c
index 566b254..b3aad00 100644 (file)
@@ -48,6 +48,11 @@ struct private_cmd_connection_t {
         * Local identity
         */
        char *identity;
+
+       /**
+        * Is a private key configured
+        */
+       bool key_seen;
 };
 
 /**
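Review bot: The new `key_seen` flag is only ever set to TRUE (in the CMD_OPT_RSA case further down), so its FALSE default depends on the struct being zero-filled at construction, which happens outside this hunk; worth confirming the constructor uses a zeroing initializer and, if not, setting `.key_seen = FALSE` explicitly. The field comment would also serve readers better if it said what the flag decides rather than restating its name, e.g. `/** TRUE if a private key was given on the command line; selects public key instead of EAP authentication */`. The struct definition begins before this hunk.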
@@ -65,11 +70,15 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
 {
        ike_cfg_t *ike_cfg;
        peer_cfg_t *peer_cfg;
+       u_int16_t local_port, remote_port = IKEV2_UDP_PORT;
 
-       ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "0.0.0.0", FALSE,
-                                                        charon->socket->get_port(charon->socket, FALSE),
-                                                        this->host, FALSE, IKEV2_UDP_PORT,
-                                                        FRAGMENTATION_NO, 0);
+       local_port = charon->socket->get_port(charon->socket, FALSE);
+       if (local_port != IKEV2_UDP_PORT)
+       {
+               remote_port = IKEV2_NATT_PORT;
+       }
+       ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "0.0.0.0", FALSE, local_port,
+                                       this->host, FALSE, remote_port, FRAGMENTATION_NO, 0);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
        peer_cfg = peer_cfg_create("cmd", ike_cfg,
                                        CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
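Review bot: `u_int16_t local_port, remote_port = IKEV2_UDP_PORT;` initializes only the second of two declarators on one line, which is easy to misread as initializing both; prefer two declarations, `u_int16_t local_port;` and `u_int16_t remote_port = IKEV2_UDP_PORT;`. The port switch also deserves a why-comment, since the reason is protocol-level and not visible in the code, something like `/* a local port other than 500 presumably implies NAT-T framing, so reach the peer on 4500 */` above the `if`. create_peer_cfg continues past the end of this hunk.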
@@ -89,9 +98,18 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
 static void add_auth_cfgs(private_cmd_connection_t *this, peer_cfg_t *peer_cfg)
 {
        auth_cfg_t *auth;
+       auth_class_t class;
 
+       if (this->key_seen)
+       {
+               class = AUTH_CLASS_PUBKEY;
+       }
+       else
+       {
+               class = AUTH_CLASS_EAP;
+       }
        auth = auth_cfg_create();
-       auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+       auth->add(auth, AUTH_RULE_AUTH_CLASS, class);
        auth->add(auth, AUTH_RULE_IDENTITY,
                          identification_create_from_string(this->identity));
        peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
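Review bot: The fallback to EAP when no key was given is silent: a user who intended certificate authentication but omitted or mistyped the key option gets an EAP exchange instead of an error, which is easy to misdiagnose from the peer's log alone. Logging the decision at the selection point would help, e.g. `DBG1(DBG_CFG, "using %N authentication", auth_class_names, class);` after the if/else. As a point of style, the branch collapses to `class = this->key_seen ? AUTH_CLASS_PUBKEY : AUTH_CLASS_EAP;`, and a name other than `class` (say `auth_class`) avoids a C++ keyword should the header ever be shared. The remote authentication config, if any, is added outside this hunk.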
@@ -179,6 +197,9 @@ METHOD(cmd_connection_t, handle, bool,
                case CMD_OPT_IDENTITY:
                        this->identity = arg;
                        break;
+               case CMD_OPT_RSA:
+                       this->key_seen = TRUE;
+                       break;
                default:
                        return FALSE;
        }
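Review bot: Only `CMD_OPT_RSA` sets `key_seen`, so if the command accepts other private key types they would silently select EAP in add_auth_cfgs; if such options exist, each should set the flag too. Note also that the flag records that a key option was given, not that the key was loaded successfully, which presumably happens in a credential set elsewhere; a comment such as `/* the key itself is loaded elsewhere; only remember that one was given */` makes that distinction explicit. The switch and the handle method extend beyond this hunk.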