Pass ipsec.conf xauth_identity option via stroke to charon configurations
authorMartin Willi <martin@revosec.ch>
Thu, 15 Dec 2011 12:12:42 +0000 (13:12 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:31:23 +0000 (17:31 +0100)
src/libcharon/plugins/stroke/stroke_config.c
src/libcharon/plugins/stroke/stroke_socket.c
src/starter/starterstroke.c
src/stroke/stroke_msg.h

index fec28c1..c4b218d 100644 (file)
@@ -479,6 +479,11 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
                        cfg->add(cfg, AUTH_RULE_XAUTH_BACKEND, strdup(++pos));
                }
                cfg->add(cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_XAUTH);
+               if (msg->add_conn.xauth_identity)
+               {
+                       cfg->add(cfg, AUTH_RULE_XAUTH_IDENTITY,
+                               identification_create_from_string(msg->add_conn.xauth_identity));
+               }
        }
        else if (strneq(auth, "eap", 3))
        {
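Review bot: As far as this hunk shows, the new block attaches `AUTH_RULE_XAUTH_IDENTITY` to whichever auth config is being built, local or remote, although `msg->add_conn.xauth_identity` is a single connection-level value. On a remote config the rule would presumably act as a constraint on the identity the peer presents rather than as the identity to send, so the intended meaning should be recorded next to the check, e.g. `/* local: XAuth identity to use; remote: XAuth identity the peer must present */`. The guard also only tests for non-NULL, and what `identification_create_from_string` yields for an empty string is not visible here; if an empty value should mean "unset", `if (msg->add_conn.xauth_identity && *msg->add_conn.xauth_identity)` makes that explicit. build_auth_cfg starts and ends outside this hunk.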
index 0f7a604..7a14be0 100644 (file)
@@ -181,12 +181,14 @@ static void stroke_add_conn(private_stroke_socket_t *this, stroke_msg_t *msg)
        pop_end(msg, "right", &msg->add_conn.other);
        pop_string(msg, &msg->add_conn.eap_identity);
        pop_string(msg, &msg->add_conn.aaa_identity);
+       pop_string(msg, &msg->add_conn.xauth_identity);
        pop_string(msg, &msg->add_conn.algorithms.ike);
        pop_string(msg, &msg->add_conn.algorithms.esp);
        pop_string(msg, &msg->add_conn.ikeme.mediated_by);
        pop_string(msg, &msg->add_conn.ikeme.peerid);
        DBG2(DBG_CFG, "  eap_identity=%s", msg->add_conn.eap_identity);
        DBG2(DBG_CFG, "  aaa_identity=%s", msg->add_conn.aaa_identity);
+       DBG2(DBG_CFG, "  xauth_identity=%s", msg->add_conn.xauth_identity);
        DBG2(DBG_CFG, "  ike=%s", msg->add_conn.algorithms.ike);
        DBG2(DBG_CFG, "  esp=%s", msg->add_conn.algorithms.esp);
        DBG2(DBG_CFG, "  dpddelay=%d", msg->add_conn.dpd.delay);
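Review bot: `xauth_identity` arrives as a sender-chosen value that `pop_string` turns into a pointer, and the added `DBG2` line then reads it with `%s`, so its safety rests on the bounds and NUL-termination checks inside `pop_string`, which are outside this hunk. It is worth confirming that the helper rejects offsets beyond the received message length and leaves the field NULL on failure, because the same pointer is later parsed as an identity in build_auth_cfg. A short comment above the run of calls would record that contract, e.g. `/* string members are offsets into msg until pop_string() validates and resolves them */`. stroke_add_conn continues past the end of the hunk.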
index e399b1c..628d632 100644 (file)
@@ -220,6 +220,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
        msg.add_conn.eap_vendor = conn->eap_vendor;
        msg.add_conn.eap_identity = push_string(&msg, conn->eap_identity);
        msg.add_conn.aaa_identity = push_string(&msg, conn->aaa_identity);
+       msg.add_conn.xauth_identity = push_string(&msg, conn->xauth_identity);
 
        if (conn->policy & POLICY_TUNNEL)
        {
index f3c525b..3350d76 100644 (file)
@@ -246,6 +246,7 @@ struct stroke_msg_t {
                        u_int32_t eap_vendor;
                        char *eap_identity;
                        char *aaa_identity;
+                       char *xauth_identity;
                        int mode;
                        int mobike;
                        int force_encap;
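Review bot: The new `char *xauth_identity` member is inserted between `aaa_identity` and `mode`, which shifts every later member of `add_conn`. Since starter fills this struct and charon reads it (the push_string/pop_string pair added in this commit), a stroke client built against the old header would presumably be misinterpreted rather than cleanly rejected. Unless a version or size check elsewhere already covers this, the dependency should be documented at the member, e.g. `/* layout is the stroke wire format: starter, stroke and charon must be built from the same header */`. The struct definition begins and ends outside this hunk.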