updated medcli/medsrv plugins to use new auth_cfg API, fixes compilation
authorMartin Willi <martin@strongswan.org>
Thu, 4 Jun 2009 12:00:01 +0000 (14:00 +0200)
committerMartin Willi <martin@strongswan.org>
Fri, 5 Jun 2009 12:15:39 +0000 (14:15 +0200)
src/charon/plugins/medcli/medcli_config.c
src/charon/plugins/medsrv/medsrv_config.c

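--- a/src/charon/plugins/medcli/medcli_config.c
+++ b/src/charon/plugins/medcli/medcli_config.c
@@ -95,6 +95,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
 {
        enumerator_t *e;
        peer_cfg_t *peer_cfg, *med_cfg;
+       auth_cfg_t *auth;
        ike_cfg_t *ike_cfg;
        child_cfg_t *child_cfg;
        chunk_t me, other;
@@ -116,8 +117,6 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
        med_cfg = peer_cfg_create(
                "mediation", 2, ike_cfg,
-               identification_create_from_encoding(ID_KEY_ID, me),
-               identification_create_from_encoding(ID_KEY_ID, other),
                CERT_NEVER_SEND, UNIQUE_REPLACE, 
                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                this->rekey*5, this->rekey*3,   /* jitter, overtime */
@@ -126,6 +125,17 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
                TRUE, NULL, NULL);                              /* mediation, med by, peer id */
        e->destroy(e);
        
+       auth = auth_cfg_create();
+       auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+       auth->add(auth, AUTH_RULE_IDENTITY,
+                         identification_create_from_encoding(ID_KEY_ID, me));
+       med_cfg->add_auth_cfg(med_cfg, auth, TRUE);
+       auth = auth_cfg_create();
+       auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+       auth->add(auth, AUTH_RULE_IDENTITY,
+                         identification_create_from_encoding(ID_KEY_ID, other));
+       med_cfg->add_auth_cfg(med_cfg, auth, FALSE);
+       
        /* query mediated config:
         * - use any-any ike_cfg
         * - build peer_cfg on-the-fly using med_cfg
@@ -144,8 +154,6 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
        }
        peer_cfg = peer_cfg_create(
                name, 2, this->ike->get_ref(this->ike),
-               identification_create_from_encoding(ID_KEY_ID, me),
-               identification_create_from_encoding(ID_KEY_ID, other),
                CERT_NEVER_SEND, UNIQUE_REPLACE, 
                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                this->rekey*5, this->rekey*3,   /* jitter, overtime */
@@ -154,6 +162,17 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
                FALSE, med_cfg,                                 /* mediation, med by */
                identification_create_from_encoding(ID_KEY_ID, other));
        
+       auth = auth_cfg_create();
+       auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+       auth->add(auth, AUTH_RULE_IDENTITY,
+                         identification_create_from_encoding(ID_KEY_ID, me));
+       peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
+       auth = auth_cfg_create();
+       auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+       auth->add(auth, AUTH_RULE_IDENTITY,
+                         identification_create_from_encoding(ID_KEY_ID, other));
+       peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
+       
        child_cfg = child_cfg_create(name, this->rekey*60 + this->rekey,
                                                          this->rekey*60, this->rekey, NULL, TRUE,
                                                          MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
@@ -197,7 +216,8 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
        char *name, *local_net, *remote_net;
        chunk_t me, other;
        child_cfg_t *child_cfg;
-
+       auth_cfg_t *auth;
+       
        DESTROY_IF(this->current);
        if (!this->inner->enumerate(this->inner, &name, &me, &other,
                                                                &local_net, &remote_net))
@@ -207,14 +227,24 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
        }
        this->current = peer_cfg_create(
                                name, 2, this->ike->get_ref(this->ike),
-                               identification_create_from_encoding(ID_KEY_ID, me),
-                               identification_create_from_encoding(ID_KEY_ID, other),
                                CERT_NEVER_SEND, UNIQUE_REPLACE, 
                                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                                this->rekey*5, this->rekey*3,   /* jitter, overtime */
                                TRUE, this->dpd,                                /* mobike, dpddelay */
                                NULL, NULL,                                     /* vip, pool */
                                FALSE, NULL, NULL);                     /* mediation, med by, peer id */
+       
+       auth = auth_cfg_create();
+       auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+       auth->add(auth, AUTH_RULE_IDENTITY,
+                         identification_create_from_encoding(ID_KEY_ID, me));
+       this->current->add_auth_cfg(this->current, auth, TRUE);
+       auth = auth_cfg_create();
+       auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+       auth->add(auth, AUTH_RULE_IDENTITY,
+                         identification_create_from_encoding(ID_KEY_ID, other));
+       this->current->add_auth_cfg(this->current, auth, FALSE);
+       
        child_cfg = child_cfg_create(
                                name, this->rekey*60 + this->rekey,
                                this->rekey*60, this->rekey, NULL, TRUE,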
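Review bot: In the hunk at `@@ -126,6 +125,17 @@` the new `identification_create_from_encoding(ID_KEY_ID, me)` and `identification_create_from_encoding(ID_KEY_ID, other)` calls now run after `e->destroy(e);`, whereas the removed lines built both identities inside `peer_cfg_create()`, before the enumerator was destroyed. The code that fills `me` and `other` lies outside the hunk, but if those chunks were handed out by `e` and point into storage the enumerator owns, the mediation connection's local and remote identities would be read from memory that has already been released. Moving `e->destroy(e);` below the second `med_cfg->add_auth_cfg(med_cfg, auth, FALSE);` restores the lifetime the code had before this commit. The body of get_peer_cfg_by_name starts and ends outside the hunk, so the query that produces the chunks should be checked alongside this.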
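--- a/src/charon/plugins/medsrv/medsrv_config.c
+++ b/src/charon/plugins/medsrv/medsrv_config.c
@@ -90,13 +90,13 @@ static enumerator_t* create_peer_cfg_enumerator(private_medsrv_config_t *this,
        if (e)
        {
                peer_cfg_t *peer_cfg;
+               auth_cfg_t *auth;
                char *name;
                
                if (e->enumerate(e, &name))
                {
                        peer_cfg = peer_cfg_create(
                                name, 2, this->ike->get_ref(this->ike),
-                               me->clone(me), other->clone(other),
                                CERT_NEVER_SEND, UNIQUE_REPLACE,
                                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                                this->rekey*5, this->rekey*3,   /* jitter, overtime */
@@ -104,6 +104,16 @@ static enumerator_t* create_peer_cfg_enumerator(private_medsrv_config_t *this,
                                NULL, NULL,                                     /* vip, pool */
                                TRUE, NULL, NULL);                              /* mediation, med by, peer id */
                        e->destroy(e);
+                       
+                       auth = auth_cfg_create();
+                       auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+                       auth->add(auth, AUTH_RULE_IDENTITY, me->clone(me));
+                       peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
+                       auth = auth_cfg_create();
+                       auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+                       auth->add(auth, AUTH_RULE_IDENTITY, other->clone(other));
+                       peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
+                       
                        return enumerator_create_single(peer_cfg, (void*)peer_cfg->destroy);
                }
                e->destroy(e);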
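Review bot: The last argument of `peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE)` and `peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE)` in the hunk at `@@ -104,6 +104,16 @@` is an unlabelled boolean, while the `peer_cfg_create()` call just above annotates every positional argument with a trailing comment. Because `me` is paired with TRUE and `other` with FALSE, the flag presumably selects the local versus the remote authentication round. A one-line comment before each block, such as `/* local auth: public key, identity = me */` and `/* remote auth: public key, identity = other */`, would make clear which side each constraint binds. A swapped flag would change which identity the peer is required to prove, so the intent is worth stating where the rule is built. The enclosing function begins and ends outside the hunk.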