* TNCCS protocol handler, implemented as tls_t
*/
tls_t *tnccs;
+
};
/**
sasl_mechanism_t *sasl, chunk_t data)
{
bio_writer_t *writer;
+ status_t status;
+ identification_t *client;
+ tnccs_t *tnccs;
+
+ status = sasl->process(sasl, data);
+ if (status != NEED_MORE)
+ {
+ client = sasl->get_client(sasl);
+ if (client)
+ {
+ DBG1(DBG_TNC, "SASL client identity is '%Y'", client);
+ this->tnccs->set_peer_id(this->tnccs, client);
+ if (streq(sasl->get_name(sasl), "PLAIN"))
+ {
+ tnccs = (tnccs_t*)this->tnccs;
+ tnccs->set_auth_type(tnccs, TNC_AUTH_PASSWORD);
+ }
+ }
+ }
- switch (sasl->process(sasl, data))
+ switch (status)
{
case NEED_MORE:
return NEED_MORE;
char* (*get_name)(sasl_mechanism_t *this);
/**
+ * Get the client identity
+ *
+ * @return client identity
+ */
+ identification_t* (*get_client)(sasl_mechanism_t *this);
+
+ /**
* Build a SASL message to send to remote host.
*
* A message is returned if the return value is NEED_MORE or SUCCESS. A
identification_t *client;
};
+METHOD(sasl_mechanism_t, get_client, identification_t*,
+ private_sasl_plain_t *this)
+{
+ return this->client;
+}
+
METHOD(sasl_mechanism_t, get_name, char*,
private_sasl_plain_t *this)
{
private_sasl_plain_t *this, chunk_t message)
{
chunk_t authz, authi, password;
- identification_t *id;
shared_key_t *shared;
u_char *pos;
}
authi = chunk_create(message.ptr, pos - message.ptr);
password = chunk_skip(message, authi.len + 1);
- id = identification_create_from_data(authi);
- shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, id, NULL);
+ DESTROY_IF(this->client);
+ this->client = identification_create_from_data(authi);
+ shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, this->client,
+ NULL);
if (!shared)
{
- DBG1(DBG_CFG, "no shared secret found for '%Y'", id);
- id->destroy(id);
+ DBG1(DBG_CFG, "no shared secret found for '%Y'", this->client);
return FAILED;
}
if (!chunk_equals(shared->get_key(shared), password))
{
- DBG1(DBG_CFG, "shared secret for '%Y' does not match", id);
- id->destroy(id);
+ DBG1(DBG_CFG, "shared secret for '%Y' does not match", this->client);
shared->destroy(shared);
return FAILED;
}
- id->destroy(id);
shared->destroy(shared);
return SUCCESS;
}
.public = {
.sasl = {
.get_name = _get_name,
+ .get_client = _get_client,
.destroy = _destroy,
},
},
identification_t* (*get_server_id)(tls_t *this);
/**
+ * Set the peer identity.
+ *
+ * @param id peer identity
+ */
+ void (*set_peer_id)(tls_t *this, identification_t *id);
+
+ /**
* Return the peer identity.
*
* @return peer identity
return this->server;
}
+METHOD(tls_t, set_peer_id, void,
+ private_tnccs_11_t *this, identification_t *id)
+{
+ DESTROY_IF(this->peer);
+ this->peer = id->clone(id);
+}
+
METHOD(tls_t, get_peer_id, identification_t*,
private_tnccs_11_t *this)
{
.build = _build,
.is_server = _is_server,
.get_server_id = _get_server_id,
+ .set_peer_id = _set_peer_id,
.get_peer_id = _get_peer_id,
.get_purpose = _get_purpose,
.is_complete = _is_complete,
return this->server;
}
+METHOD(tls_t, set_peer_id, void,
+ private_tnccs_20_t *this, identification_t *id)
+{
+ DESTROY_IF(this->peer);
+ this->peer = id->clone(id);
+}
+
METHOD(tls_t, get_peer_id, identification_t*,
private_tnccs_20_t *this)
{
.build = _build,
.is_server = _is_server,
.get_server_id = _get_server_id,
+ .set_peer_id = _set_peer_id,
.get_peer_id = _get_peer_id,
.get_purpose = _get_purpose,
.is_complete = _is_complete,
return this->server;
}
+METHOD(tls_t, set_peer_id, void,
+ private_tnccs_dynamic_t *this, identification_t *id)
+{
+ DESTROY_IF(this->peer);
+ this->peer = id->clone(id);
+ if (this->tls)
+ {
+ this->tls->set_peer_id(this->tls, id);
+ }
+}
+
METHOD(tls_t, get_peer_id, identification_t*,
private_tnccs_dynamic_t *this)
{
.build = _build,
.is_server = _is_server,
.get_server_id = _get_server_id,
+ .set_peer_id = _set_peer_id,
.get_peer_id = _get_peer_id,
.get_purpose = _get_purpose,
.is_complete = _is_complete,
projects / strongswan.git / commitdiff