added XAUTH support
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 5 Dec 2006 23:13:02 +0000 (23:13 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 5 Dec 2006 23:13:02 +0000 (23:13 -0000)
src/starter/args.c
src/starter/confread.c
src/starter/keywords.h
src/starter/keywords.txt

index ad37b19..a784ac0 100644 (file)
@@ -197,6 +197,7 @@ static const token_info_t token_info[] =
     { ARG_TIME, offsetof(starter_conn_t, dpd_timeout), NULL                        },
     { ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action               },
     { ARG_MISC, 0, NULL  /* KW_MODECONFIG */                                       },
+    { ARG_MISC, 0, NULL  /* KW_XAUTH */                                            },
 
     /* ca section keywords */
     { ARG_STR,  offsetof(starter_ca_t, name), NULL                                 },
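Review bot: The new `KW_XAUTH` row is tied to its keyword only by position (the `/* KW_XAUTH */` marker is a comment), so `token_info[]` and the enum in keywords.h have to be extended in lockstep by hand. If the table is indexed by keyword token, as the markers suggest, a missing or misplaced row would silently shift every later ca-section `offsetof` onto the wrong field and parsed config strings would be written to the wrong struct members. A compile-time check next to the table would catch this, comparing the element count of `token_info` against the last keyword enum value. The table starts and ends outside this hunk, so the remaining rows could not be checked.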
index 93b8bee..6041d69 100644 (file)
@@ -410,7 +410,7 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
                        KW_POLICY_FLAG("ah", "esp", POLICY_AUTHENTICATE)
                        break; 
                case KW_AUTHBY:
-                       conn->policy &= ~(POLICY_RSASIG | POLICY_PSK | POLICY_ENCRYPT);
+                       conn->policy &= ~(POLICY_ID_AUTH_MASK | POLICY_ENCRYPT);
 
                        if (strcmp(kw->value, "never") != 0)
                        {
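Review bot: Clearing the old authentication bits now depends entirely on `POLICY_ID_AUTH_MASK`, whose definition is not among the files shown in this commit. It has to cover `POLICY_XAUTH_RSASIG` and `POLICY_XAUTH_PSK` as well as `POLICY_RSASIG` and `POLICY_PSK`. Otherwise a second `authby=` applied to the same conn (for example on top of inherited defaults, if the starter supports that) would leave an XAUTH method bit from the earlier value set. A short comment would record that dependency: `/* reset every IKE authentication method bit, XAUTH variants included, before applying authby */`. The body of load_conn continues outside the hunk.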
@@ -425,8 +425,12 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
                                {
                                        if (streq(value, "rsasig"))
                                                conn->policy |= POLICY_RSASIG | POLICY_ENCRYPT;
-                                       else if (streq(value, "secret"))
+                                       else if (streq(value, "secret") || streq(value, "psk"))
                                                conn->policy |= POLICY_PSK | POLICY_ENCRYPT;
+                                       else if (streq(value, "xauthrsasig"))
+                                               conn->policy |= POLICY_XAUTH_RSASIG | POLICY_ENCRYPT;
+                                       else if (streq(value, "xauthpsk"))
+                                               conn->policy |= POLICY_XAUTH_PSK | POLICY_ENCRYPT;
                                        else
                                        {
                                                plog("# bad policy value: %s=%s", kw->entry->name, kw->value);
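Review bot: Each recognised value ORs its bit into `conn->policy` and the resulting combination is never checked. If `value` is one token of a multi-valued `authby`, as the separate `value` and `kw->value` variables suggest, a line mixing `xauthpsk` or `xauthrsasig` with plain `secret`/`rsasig` leaves both the XAUTH and the non-XAUTH method bits set. Whether the IKE daemon would then accept a peer without the XAUTH exchange cannot be seen from here, but the intent of such a line is ambiguous and it should be rejected at parse time rather than passed on. A test after the loop such as `if ((conn->policy & (POLICY_XAUTH_RSASIG | POLICY_XAUTH_PSK)) && (conn->policy & (POLICY_RSASIG | POLICY_PSK)))`, followed by a `plog` and the same error handling as the bad-value branch, would do. The loop begins and ends outside this hunk.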
@@ -446,6 +450,9 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
                case KW_MODECONFIG:
                        KW_POLICY_FLAG("push", "pull", POLICY_MODECFG_PUSH)
                        break;
+               case KW_XAUTH:
+                       KW_POLICY_FLAG("server", "client", POLICY_XAUTH_SERVER)
+                       break;
                default:
                        break;
                }
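Review bot: `xauth=server` or `xauth=client` is accepted here independently of `authby`, so `POLICY_XAUTH_SERVER` can be set on a conn whose `authby` selects no XAUTH method, and an XAUTH method can be selected while the role keeps its default. An operator who writes `xauth=server` together with `authby=secret` may assume user authentication is enforced, when as far as this file shows only the role flag changes. A consistency check once all keywords of the conn have been loaded, logging the mismatch via `plog`, would make that visible. At minimum add a comment on the case: `/* role only; XAUTH itself is enabled via authby=xauthpsk or authby=xauthrsasig, role presumably defaults to client */`.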
index 1b2cf69..eac7375 100644 (file)
@@ -80,9 +80,10 @@ typedef enum {
     KW_DPDTIMEOUT,
     KW_DPDACTION,
     KW_MODECONFIG,
+    KW_XAUTH,
 
 #define KW_CONN_FIRST  KW_CONN_SETUP
-#define KW_CONN_LAST   KW_MODECONFIG
+#define KW_CONN_LAST   KW_XAUTH
 
    /* ca section keywords */
     KW_CA_NAME,
index bc5ef44..6e700f1 100644 (file)
@@ -69,6 +69,7 @@ dpddelay,          KW_DPDDELAY
 dpdtimeout,        KW_DPDTIMEOUT
 dpdaction,         KW_DPDACTION
 modeconfig,        KW_MODECONFIG
+xauth,             KW_XAUTH
 cacert,            KW_CACERT
 ldaphost,          KW_LDAPHOST
 ldapbase,          KW_LDAPBASE