xauth: add a configuration string option to be passed to XAuth instances
authorMartin Willi <martin@revosec.ch>
Tue, 23 Jul 2013 12:24:58 +0000 (14:24 +0200)
committerMartin Willi <martin@revosec.ch>
Tue, 3 Sep 2013 14:26:19 +0000 (16:26 +0200)
The configuration string is appended to the XAuth backend name, separated by
a colon. The configuration string is passed untouched to the backend, where
it can change the behavior of the XAuth module.

15 files changed:
src/libcharon/plugins/eap_gtc/eap_gtc.c
src/libcharon/plugins/eap_radius/eap_radius_xauth.c
src/libcharon/plugins/eap_radius/eap_radius_xauth.h
src/libcharon/plugins/xauth_eap/xauth_eap.c
src/libcharon/plugins/xauth_eap/xauth_eap.h
src/libcharon/plugins/xauth_generic/xauth_generic.c
src/libcharon/plugins/xauth_generic/xauth_generic.h
src/libcharon/plugins/xauth_noauth/xauth_noauth.c
src/libcharon/plugins/xauth_noauth/xauth_noauth.h
src/libcharon/plugins/xauth_pam/xauth_pam.c
src/libcharon/plugins/xauth_pam/xauth_pam.h
src/libcharon/sa/ikev1/tasks/xauth.c
src/libcharon/sa/xauth/xauth_manager.c
src/libcharon/sa/xauth/xauth_manager.h
src/libcharon/sa/xauth/xauth_method.h

index f090e94..2f64f32 100644 (file)
@@ -280,4 +280,3 @@ eap_gtc_t *eap_gtc_create_peer(identification_t *server, identification_t *peer)
 
        return &this->public;
 }
-
index bd960d2..af24985 100644 (file)
@@ -175,7 +175,8 @@ METHOD(xauth_method_t, destroy, void,
  * Described in header.
  */
 eap_radius_xauth_t *eap_radius_xauth_create_server(identification_t *server,
-                                                                                                  identification_t *peer)
+                                                                                                  identification_t *peer,
+                                                                                                  char *profile)
 {
        private_eap_radius_xauth_t *this;
 
index 8571bbc..5baacfb 100644 (file)
@@ -41,9 +41,11 @@ struct eap_radius_xauth_t {
  *
  * @param server       ID of the XAuth server
  * @param peer         ID of the XAuth client
+ * @param profile      configuration string
  * @return                     xauth_generic_t object
  */
 eap_radius_xauth_t *eap_radius_xauth_create_server(identification_t *server,
-                                                                                                  identification_t *peer);
+                                                                                                  identification_t *peer,
+                                                                                                  char *profile);
 
 #endif /** EAP_RADIUS_XAUTH_H_ @}*/
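Review bot: The new `@param profile` line does not say whether NULL is allowed, although the constructor typedef in xauth_method.h documents the same argument as "configuration string to pass to XAuth method, or NULL". A backend author reading only this header could dereference the pointer unconditionally, so I would write `@param profile configuration string, or NULL if none was given`. The same wording appears in the xauth_eap.h, xauth_generic.h, xauth_noauth.h and xauth_pam.h hunks. Separately, the unchanged `@return` line here still says `xauth_generic_t object` for a function that returns `eap_radius_xauth_t *`.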
index 1da1d9f..5ac4f10 100644 (file)
@@ -266,7 +266,7 @@ METHOD(xauth_method_t, destroy, void,
  * Described in header.
  */
 xauth_eap_t *xauth_eap_create_server(identification_t *server,
-                                                                        identification_t *peer)
+                                                                        identification_t *peer, char *profile)
 {
        private_xauth_eap_t *this;
 
index 7092724..7da243a 100644 (file)
@@ -47,9 +47,11 @@ struct xauth_eap_t {
  *
  * @param server       ID of the XAuth server
  * @param peer         ID of the XAuth client
+ * @param profile      configuration string
  * @return                     xauth_eap_t object
  */
 xauth_eap_t *xauth_eap_create_server(identification_t *server,
-                                                                        identification_t *peer);
+                                                                        identification_t *peer,
+                                                                        char *profile);
 
 #endif /** XAUTH_EAP_H_ @}*/
index f0e675a..03fe291 100644 (file)
@@ -187,7 +187,8 @@ METHOD(xauth_method_t, destroy, void,
  * Described in header.
  */
 xauth_generic_t *xauth_generic_create_peer(identification_t *server,
-                                                                                  identification_t *peer)
+                                                                                  identification_t *peer,
+                                                                                  char *profile)
 {
        private_xauth_generic_t *this;
 
@@ -211,7 +212,8 @@ xauth_generic_t *xauth_generic_create_peer(identification_t *server,
  * Described in header.
  */
 xauth_generic_t *xauth_generic_create_server(identification_t *server,
-                                                                                        identification_t *peer)
+                                                                                        identification_t *peer,
+                                                                                        char *profile)
 {
        private_xauth_generic_t *this;
 
index 5773589..52744d0 100644 (file)
@@ -42,19 +42,23 @@ struct xauth_generic_t {
  *
  * @param server       ID of the XAuth server
  * @param peer         ID of the XAuth client
+ * @param profile      configuration string
  * @return                     xauth_generic_t object
  */
 xauth_generic_t *xauth_generic_create_server(identification_t *server,
-                                                                                        identification_t *peer);
+                                                                                        identification_t *peer,
+                                                                                        char *profile);
 
 /**
  * Creates the generic XAuth method, acting as peer.
  *
  * @param server       ID of the XAuth server
  * @param peer         ID of the XAuth client
+ * @param profile      configuration string
  * @return                     xauth_generic_t object
  */
 xauth_generic_t *xauth_generic_create_peer(identification_t *server,
-                                                                                  identification_t *peer);
+                                                                                  identification_t *peer,
+                                                                                  char *profile);
 
 #endif /** XAUTH_GENERIC_H_ @}*/
index a9d9512..4b8ad8e 100644 (file)
@@ -69,7 +69,8 @@ METHOD(xauth_method_t, destroy, void,
  * Described in header.
  */
 xauth_noauth_t *xauth_noauth_create_server(identification_t *server,
-                                                                                  identification_t *peer)
+                                                                                  identification_t *peer,
+                                                                                  char *profile)
 {
        private_xauth_noauth_t *this;
 
index 8984b0a..2ac358e 100644 (file)
@@ -42,9 +42,11 @@ struct xauth_noauth_t {
  *
  * @param server       ID of the XAuth server
  * @param peer         ID of the XAuth client
+ * @param profile      configuration string
  * @return                     xauth_noauth_t object
  */
 xauth_noauth_t *xauth_noauth_create_server(identification_t *server,
-                                                                                  identification_t *peer);
+                                                                                  identification_t *peer,
+                                                                                  char *profile);
 
 #endif /** XAUTH_NOAUTH_H_ @}*/
index 98c1a97..6cbe1c2 100644 (file)
@@ -195,7 +195,7 @@ METHOD(xauth_method_t, destroy, void,
  * Described in header.
  */
 xauth_pam_t *xauth_pam_create_server(identification_t *server,
-                                                                        identification_t *peer)
+                                                                        identification_t *peer, char *profile)
 {
        private_xauth_pam_t *this;
 
index f2d310c..8b9fffe 100644 (file)
@@ -41,9 +41,10 @@ struct xauth_pam_t {
  *
  * @param server       ID of the XAuth server
  * @param peer         ID of the XAuth client
+ * @param profile      configuration string
  * @return                     xauth_pam_t object
  */
 xauth_pam_t *xauth_pam_create_server(identification_t *server,
-                                                                        identification_t *peer);
+                                                                        identification_t *peer, char *profile);
 
 #endif /** XAUTH_PAM_H_ @}*/
index 31114e5..f5555ec 100644 (file)
@@ -127,7 +127,7 @@ static xauth_method_t *load_method(private_xauth_t* this)
        {
                if (name)
                {
-                       DBG1(DBG_CFG, "no XAuth method found named '%s'", name);
+                       DBG1(DBG_CFG, "no XAuth method found for '%s'", name);
                }
                else
                {
index 5709dc6..17eecc2 100644 (file)
@@ -107,6 +107,17 @@ METHOD(xauth_manager_t, create_instance, xauth_method_t*,
        enumerator_t *enumerator;
        xauth_entry_t *entry;
        xauth_method_t *method = NULL;
+       char *profile = NULL;
+
+       if (name)
+       {
+               profile = strchr(name, ':');
+               if (profile)
+               {
+                       name = strndup(name, profile - name);
+                       profile++;
+               }
+       }
 
        this->lock->read_lock(this->lock);
        enumerator = this->methods->create_enumerator(this->methods);
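Review bot: The result of `strndup()` is assigned to `name` without a check, and a NULL `name` acts as the wildcard in the lookup loop below (`!name || streq(name, entry->name)`), so an allocation failure would select the first registered method for the role instead of the configured backend. For an authentication backend that is a fail-open path; I would add `if (!name) { return NULL; }` directly after the `strndup()` call, which is still before the read lock is taken. Note also that `profile` keeps pointing into the caller's original string while `name` becomes a heap copy, and the later `free(name)` is keyed on `profile` being set; a separate local for the copy would make that ownership easier to follow. create_instance starts above this hunk, so the declared type of `name` is not visible here.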
@@ -118,7 +129,7 @@ METHOD(xauth_manager_t, create_instance, xauth_method_t*,
                }
                if (role == entry->role && (!name || streq(name, entry->name)))
                {
-                       method = entry->constructor(server, peer);
+                       method = entry->constructor(server, peer, profile);
                        if (method)
                        {
                                break;
@@ -127,6 +138,10 @@ METHOD(xauth_manager_t, create_instance, xauth_method_t*,
        }
        enumerator->destroy(enumerator);
        this->lock->unlock(this->lock);
+       if (profile)
+       {
+               free(name);
+       }
        return method;
 }
 
index 929d5de..4cef4ae 100644 (file)
@@ -55,7 +55,11 @@ struct xauth_manager_t {
        /**
         * Create a new XAuth method instance.
         *
-        * @param name                  backend name, as it was registered with
+        * The name may contain an option string, seperated by a colon. This option
+        * string gets passed to the XAuth constructor to specify the behavior
+        * of the XAuth method.
+        *
+        * @param name                  backend name, with optional config string
         * @param role                  XAUTH_SERVER or XAUTH_PEER
         * @param server                identity of the server
         * @param peer                  identity of the peer (client)
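Review bot: The added paragraph does not say where the name is split; the implementation in xauth_manager.c uses `strchr(name, ':')`, so everything after the first colon is the option string and it may itself contain colons. I would state that explicitly, e.g. `The name may contain an option string, separated from the backend name by the first colon.`, which also corrects the spelling of "seperated". The struct definition continues outside the hunk.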
index 9f6067d..701b4dc 100644 (file)
@@ -104,10 +104,12 @@ struct xauth_method_t {
  *
  * @param server               ID of the server to use for credential lookup
  * @param peer                 ID of the peer to use for credential lookup
+ * @param profile              configuration string to pass to XAuth method, or NULL
  * @return                             implementation of the eap_method_t interface
  */
 typedef xauth_method_t *(*xauth_constructor_t)(identification_t *server,
-                                                                                          identification_t *peer);
+                                                                                          identification_t *peer,
+                                                                                          char *profile);
 
 /**
  * Helper function to (un-)register XAuth methods from plugin features.
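Review bot: The `@param profile` text does not state the lifetime of the string. In the xauth_manager.c hunk the pointer handed to the constructor points into the caller's `name` argument, so a method that stores it beyond the constructor call would presumably be left with a dangling pointer once the caller releases that string. I would extend the line to `@param profile configuration string to pass to XAuth method, or NULL; not owned by the method, copy it if it is needed after the constructor returns`, and consider `const char *profile`, since the commit description says the string is passed untouched. The unchanged `@return` line still refers to `eap_method_t`.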