Added auth_cfg option to select XAUTH backend to use
authorMartin Willi <martin@revosec.ch>
Thu, 8 Dec 2011 15:53:27 +0000 (16:53 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:31:15 +0000 (17:31 +0100)
src/libstrongswan/credentials/auth_cfg.c
src/libstrongswan/credentials/auth_cfg.h
src/libstrongswan/plugins/plugin_feature.c

index 4b5dbbc..c9a8be6 100644 (file)
@@ -37,6 +37,7 @@ ENUM(auth_rule_names, AUTH_RULE_IDENTITY, AUTH_HELPER_REVOCATION_CERT,
        "RULE_EAP_IDENTITY",
        "RULE_EAP_TYPE",
        "RULE_EAP_VENDOR",
+       "RULE_XAUTH_BACKEND",
        "RULE_CA_CERT",
        "RULE_IM_CERT",
        "RULE_SUBJECT_CERT",
@@ -159,6 +160,7 @@ static void destroy_entry_value(entry_t *entry)
                        break;
                }
                case AUTH_RULE_CERT_POLICY:
+               case AUTH_RULE_XAUTH_BACKEND:
                case AUTH_HELPER_IM_HASH_URL:
                case AUTH_HELPER_SUBJECT_HASH_URL:
                {
@@ -205,6 +207,7 @@ static void replace(private_auth_cfg_t *this, entry_enumerator_t *enumerator,
                        case AUTH_RULE_IDENTITY:
                        case AUTH_RULE_EAP_IDENTITY:
                        case AUTH_RULE_AAA_IDENTITY:
+                       case AUTH_RULE_XAUTH_BACKEND:
                        case AUTH_RULE_GROUP:
                        case AUTH_RULE_CA_CERT:
                        case AUTH_RULE_IM_CERT:
@@ -273,6 +276,7 @@ METHOD(auth_cfg_t, get, void*,
                case AUTH_RULE_IDENTITY:
                case AUTH_RULE_EAP_IDENTITY:
                case AUTH_RULE_AAA_IDENTITY:
+               case AUTH_RULE_XAUTH_BACKEND:
                case AUTH_RULE_GROUP:
                case AUTH_RULE_CA_CERT:
                case AUTH_RULE_IM_CERT:
@@ -313,6 +317,7 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...)
                case AUTH_RULE_IDENTITY:
                case AUTH_RULE_EAP_IDENTITY:
                case AUTH_RULE_AAA_IDENTITY:
+               case AUTH_RULE_XAUTH_BACKEND:
                case AUTH_RULE_GROUP:
                case AUTH_RULE_CA_CERT:
                case AUTH_RULE_IM_CERT:
@@ -577,6 +582,8 @@ METHOD(auth_cfg_t, complies, bool,
                                }
                                break;
                        }
+                       case AUTH_RULE_XAUTH_BACKEND:
+                               /* not enforced, just a hint for local authentication */
                        case AUTH_HELPER_IM_CERT:
                        case AUTH_HELPER_SUBJECT_CERT:
                        case AUTH_HELPER_IM_HASH_URL:
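Review bot: The new `case AUTH_RULE_XAUTH_BACKEND:` in complies() is intentionally not compared, but the only record of that is a short comment between case labels, and the label then falls into the AUTH_HELPER_* group with no fall-through marker. Because complies() is where constraints are checked against the completed authentication, a reader could assume that naming a backend in a constraint set rejects a peer authenticated through a different backend; per the comment it does not. I would spell that out, e.g. `/* selection hint only: never compared against the backend actually used; fall through */`, and repeat the caveat in the enum documentation in auth_cfg.h. The switch and the body of the AUTH_HELPER_* group lie outside this hunk, so the skip behaviour is inferred from the comment.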
@@ -656,6 +663,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
                                        add(this, type, id->clone(id));
                                        break;
                                }
+                               case AUTH_RULE_XAUTH_BACKEND:
                                case AUTH_RULE_CERT_POLICY:
                                case AUTH_HELPER_IM_HASH_URL:
                                case AUTH_HELPER_SUBJECT_HASH_URL:
@@ -755,6 +763,7 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other)
                                                }
                                                continue;
                                        }
+                                       case AUTH_RULE_XAUTH_BACKEND:
                                        case AUTH_RULE_CERT_POLICY:
                                        case AUTH_HELPER_IM_HASH_URL:
                                        case AUTH_HELPER_SUBJECT_HASH_URL:
@@ -840,6 +849,7 @@ METHOD(auth_cfg_t, clone_, auth_cfg_t*,
                                clone->add(clone, entry->type, cert->get_ref(cert));
                                break;
                        }
+                       case AUTH_RULE_XAUTH_BACKEND:
                        case AUTH_RULE_CERT_POLICY:
                        case AUTH_HELPER_IM_HASH_URL:
                        case AUTH_HELPER_SUBJECT_HASH_URL:
index fd8e4c0..3e0fc73 100644 (file)
@@ -78,6 +78,8 @@ enum auth_rule_t {
        AUTH_RULE_EAP_TYPE,
        /** EAP vendor for vendor specific type, u_int32_t */
        AUTH_RULE_EAP_VENDOR,
+       /** XAUTH backend name to use, char* */
+       AUTH_RULE_XAUTH_BACKEND,
        /** certificate authority, certificate_t* */
        AUTH_RULE_CA_CERT,
        /** intermediate certificate in trustchain, certificate_t* */
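Review bot: The doc comment `XAUTH backend name to use, char*` does not say who owns the string, yet the destroy_entry_value(), merge(), equals() and clone_() hunks in auth_cfg.c all group the new rule with AUTH_RULE_CERT_POLICY. The bodies of those case groups are outside the hunks, but if they free and duplicate the value, as the function names suggest, a caller that passes a string literal or a pointer still owned by the config parser would cause an invalid or double free. I would document it on the enumerator, e.g. `/** XAUTH backend name to use, char* (heap-allocated; owned and freed by auth_cfg) */`, adjusted if the ownership turns out to be different.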
index b2bf419..6555e59 100644 (file)
@@ -234,8 +234,8 @@ char* plugin_feature_get_string(plugin_feature_t *feature)
                        break;
                case FEATURE_XAUTH_SERVER:
                case FEATURE_XAUTH_PEER:
-                       if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type,
-                                       xauth_method_type_short_names, feature->arg.xauth) > 0)
+                       if (asprintf(&str, "%N:%s", plugin_feature_names, feature->type,
+                                       feature->arg.xauth) > 0)
                        {
                                return str;
                        }
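Review bot: `feature->arg.xauth` is now passed to `%s` with no NULL check, whereas the old `%N` conversion formatted an enum value. If a plugin registers FEATURE_XAUTH_SERVER or FEATURE_XAUTH_PEER without a backend name, building the feature string is undefined behaviour. Passing `feature->arg.xauth ? feature->arg.xauth : "(null)"` as the argument, or rejecting such features at registration, would close that. plugin_feature_get_string() continues outside the hunk, and any other use of arg.xauth in this file (matching, hashing) is not visible here and should be checked for string rather than integer comparison.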