Prefer EAP-Identity for provider attribute/address lookup
authorMartin Willi <martin@strongswan.org>
Tue, 1 Dec 2009 13:01:56 +0000 (13:01 +0000)
committerMartin Willi <martin@strongswan.org>
Tue, 1 Dec 2009 13:24:07 +0000 (14:24 +0100)
src/charon/sa/tasks/ike_config.c

index a42a1c6..b1c133a 100644 (file)
@@ -299,6 +299,38 @@ static status_t process_r(private_ike_config_t *this, message_t *message)
 }
 
 /**
+ * Find a peer (EAP) identity to query provider for attributes
+ */
+static identification_t *get_peer_identity(private_ike_config_t *this)
+{
+       identification_t *id = NULL, *current;
+       enumerator_t *enumerator;
+       auth_cfg_t *cfg;
+
+       enumerator = this->ike_sa->create_auth_cfg_enumerator(this->ike_sa, FALSE);
+       while (enumerator->enumerate(enumerator, &cfg))
+       {
+               /* prefer EAP-Identity of last round */
+               current = cfg->get(cfg, AUTH_RULE_EAP_IDENTITY);
+               if (!current || current->get_type(current) == ID_ANY)
+               {
+                       current = cfg->get(cfg, AUTH_RULE_IDENTITY);
+               }
+               if (current && current->get_type(current) != ID_ANY)
+               {
+                       id = current;
+                       continue;
+               }
+       }
+       enumerator->destroy(enumerator);
+       if (!id)
+       {       /* fallback, should not happen */
+               id = this->ike_sa->get_other_id(this->ike_sa);
+       }
+       return id;
+}
+
+/**
  * Implementation of task_t.build for responder
  */
 static status_t build_r(private_ike_config_t *this, message_t *message)
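Review bot: The loop in get_peer_identity() keeps the identity of the last auth round that has a usable one, so a plain AUTH_RULE_IDENTITY from a later round replaces an AUTH_RULE_EAP_IDENTITY found in an earlier round, while the comment `/* prefer EAP-Identity of last round */` and the commit title read as if an EAP-Identity always wins. If last-round-wins is intended, say so, e.g. `/* last round wins; within a round, EAP-Identity takes precedence over the IKE identity */`, and drop the trailing `continue;`, which has no effect at the end of the loop body. Because the later build_r() hunks pass this value to acquire_address() and create_responder_enumerator(), the doc comment should also state the trust assumption: address and attribute lookup should be keyed on an identity the EAP method actually authenticated, not merely the value the peer supplied in its identity response. Whether AUTH_RULE_EAP_IDENTITY guarantees that is not visible in this hunk. The header could also note that the returned pointer is borrowed rather than cloned (presumably owned by the auth config or the IKE_SA), so callers must not destroy it.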
@@ -311,6 +343,9 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
                host_t *vip = NULL;
                cp_payload_t *cp = NULL;
                peer_cfg_t *config;
+               identification_t *id;
+
+               id = get_peer_identity(this);
 
                config = this->ike_sa->get_peer_cfg(this->ike_sa);
                if (config && this->virtual_ip)
@@ -319,9 +354,7 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
                        if (config->get_pool(config))
                        {
                                vip = lib->attributes->acquire_address(lib->attributes,
-                                                                       config->get_pool(config),
-                                                                       this->ike_sa->get_other_id(this->ike_sa),
-                                                                       this->virtual_ip);
+                                                       config->get_pool(config), id, this->virtual_ip);
                        }
                        if (vip == NULL)
                        {
@@ -340,7 +373,7 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
 
                /* query registered providers for additional attributes to include */
                enumerator = lib->attributes->create_responder_enumerator(
-                               lib->attributes, this->ike_sa->get_other_id(this->ike_sa), vip);
+                                                                                                       lib->attributes, id, vip);
                while (enumerator->enumerate(enumerator, &type, &value))
                {
                        if (!cp)