Added an identity getter to XAuth methods to query the actually used identity
authorMartin Willi <martin@revosec.ch>
Thu, 15 Dec 2011 12:14:33 +0000 (13:14 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:31:23 +0000 (17:31 +0100)
src/libcharon/plugins/xauth_generic/xauth_generic.c
src/libcharon/sa/authenticators/xauth/xauth_method.h

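--- a/src/libcharon/plugins/xauth_generic/xauth_generic.c
+++ b/src/libcharon/plugins/xauth_generic/xauth_generic.c
@@ -98,7 +98,7 @@ METHOD(xauth_method_t, process_server, status_t,
        configuration_attribute_t *attr;
        enumerator_t *enumerator;
        shared_key_t *shared;
-       identification_t *id = NULL, *peer;
+       identification_t *id;
        chunk_t user = chunk_empty, pass = chunk_empty;
        status_t status = SUCCESS;
 
@@ -132,31 +132,33 @@ METHOD(xauth_method_t, process_server, status_t,
                        DBG1(DBG_IKE, "failed to parse provided XAuth username");
                        return FAILED;
                }
+               this->peer->destroy(this->peer);
+               this->peer = id;
        }
 
-       peer = id ?: this->peer;
-       shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, this->server,
-                                                                         peer);
+       shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP,
+                                                                         this->server, this->peer);
        if (!shared)
        {
-               DBG1(DBG_IKE, "no XAuth secret found for '%Y' - '%Y'", this->server,
-                        peer);
+               DBG1(DBG_IKE, "no XAuth secret found for '%Y' - '%Y'",
+                        this->server, this->peer);
                status = FAILED;
        }
        else if (!chunk_equals(shared->get_key(shared), pass))
        {
-               DBG1(DBG_IKE, "failed to authenticate '%Y' with XAuth", peer);
+               DBG1(DBG_IKE, "failed to authenticate '%Y' with XAuth", this->peer);
                status = FAILED;
        }
-       else
-       {
-               DBG2(DBG_IKE, "authentication of '%Y' with XAuth successful", peer);
-       }
        DESTROY_IF(shared);
-       DESTROY_IF(id);
        return status;
 }
 
+METHOD(xauth_method_t, get_identity, identification_t*,
+       private_xauth_generic_t *this)
+{
+       return this->peer;
+}
+
 METHOD(xauth_method_t, destroy, void,
        private_xauth_generic_t *this)
 {
@@ -178,6 +180,7 @@ xauth_generic_t *xauth_generic_create_peer(identification_t *server,
                        .xauth_method = {
                                .initiate = _initiate_peer,
                                .process = _process_peer,
+                               .get_identity = _get_identity,
                                .destroy = _destroy,
                        },
                },
@@ -201,6 +204,7 @@ xauth_generic_t *xauth_generic_create_server(identification_t *server,
                        .xauth_method = {
                                .initiate = _initiate_server,
                                .process = _process_server,
+                               .get_identity = _get_identity,
                                .destroy = _destroy,
                        },
                },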
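Review bot: In process_server the two added lines `this->peer->destroy(this->peer); this->peer = id;` replace the configured identity with the username the peer sent before the shared secret is looked up and the password compared, so when the method returns FAILED the new `get_identity()` hands back an identity that was never authenticated; the old code kept `this->peer` untouched and freed the parsed `id` at the end. Either restore the previous identity on the failure paths, or document the contract above `get_identity` with `/* server side: the username supplied by the peer, authenticated only if process_server() returned SUCCESS */` so callers know not to trust it on failure. The block that parses the username and the start of process_server lie outside the hunk, so I cannot confirm here whether any caller reads the identity after a failed exchange. The removed `DBG2` success line also leaves this method silent on a successful XAuth exchange; presumably the caller now logs it via the getter, but that is worth confirming so the audit trail is not lost.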
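--- a/src/libcharon/sa/authenticators/xauth/xauth_method.h
+++ b/src/libcharon/sa/authenticators/xauth/xauth_method.h
@@ -81,6 +81,13 @@ struct xauth_method_t {
                                                 cp_payload_t **out);
 
        /**
+        * Get the XAuth username received as XAuth initiator.
+        *
+        * @return                      used XAuth username, pointer to internal data
+        */
+       identification_t* (*get_identity)(xauth_method_t *this);
+
+       /**
         * Destroys a eap_method_t object.
         */
        void (*destroy) (xauth_method_t *this);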
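Review bot: The doc comment added for `get_identity` is ambiguous about which side it describes and about ownership: "received as XAuth initiator" does not cover the peer-side instance, which in the xauth_generic implementation of this commit returns its own configured identity rather than anything received, and "pointer to internal data" does not state that the pointer stays owned by the method and is invalid after destroy(). On the server side the returned identity is the name as supplied by the peer, which is authenticated only once process() has returned SUCCESS, and a caller reading this header has no way to know that. I would rewrite the comment to describe the identity in use on either side, state that on the server it is the peer-supplied username and is trustworthy only after a successful process(), and replace the return line with `@return   XAuth identity in use, pointer to internal data, valid until destroy()`. The rest of struct xauth_method_t is outside the hunk.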