classify an EAP identity as a username
authorAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 8 Aug 2011 17:03:50 +0000 (19:03 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Wed, 10 Aug 2011 07:29:34 +0000 (09:29 +0200)
src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c
src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.h

index b7a889c..aee36d6 100644 (file)
@@ -45,14 +45,20 @@ static bool publish_ike_sa(private_tnc_ifmap_listener_t *this,
                                                   ike_sa_t *ike_sa, bool up)
 {
        u_int32_t ike_sa_id;
-       identification_t *id;
+       identification_t *id, *eap_id;
+       bool is_user;
        host_t *host;
 
        ike_sa_id = ike_sa->get_unique_id(ike_sa);
        id = ike_sa->get_other_id(ike_sa);
+       eap_id = ike_sa->get_other_eap_id(ike_sa);
        host = ike_sa->get_other_host(ike_sa);
 
-       return this->ifmap->publish(this->ifmap, ike_sa_id, id, host, up);
+       /* In the presence of an EAP Identity, treat it as a username */
+       is_user = !id->equals(id, eap_id);
+
+       return this->ifmap->publish_ike_sa(this->ifmap, ike_sa_id, eap_id, is_user,
+                                                                          host, up);
 }
 
 /**
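Review bot: `is_user = !id->equals(id, eap_id);` infers that an EAP identity exists from the two identities being unequal, so a peer whose EAP-Identity is the same string as its IKE identity is still published as a non-user. get_other_eap_id() is not visible in this hunk, and the comparison is only safe if it falls back to the IKE identity when no EAP exchange took place and never returns NULL. That assumption deserves a comment next to the call, e.g. `/* get_other_eap_id() returns the IKE ID if no EAP-Identity was exchanged */`. Because IF-MAP consumers may base policy on the published identity type, deriving `is_user` from whether an EAP round actually authenticated the peer would be more robust than an inequality test. The IKE identity `id` is also no longer handed to publish_ike_sa() at all, so the MAP server loses it whenever an EAP identity is present.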
index acef2cc..b1c7f5a 100644 (file)
@@ -215,7 +215,7 @@ static axiom_node_t* create_access_request(private_tnc_ifmap_soap_t *this,
  * Create an identity
  */
 static axiom_node_t* create_identity(private_tnc_ifmap_soap_t *this,
-                                                                                  identification_t *id)
+                                                                        identification_t *id, bool is_user)
 {
        axiom_element_t *el;
        axiom_node_t *node;
@@ -231,7 +231,7 @@ static axiom_node_t* create_identity(private_tnc_ifmap_soap_t *this,
        switch (id->get_type(id))
        {
                case ID_FQDN:
-                       id_type = "dns-name";
+                       id_type = is_user ? "username" : "dns-name";
                        break;
                case ID_RFC822_ADDR:
                        id_type = "email-address";
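Review bot: `is_user` is honoured only in the `ID_FQDN` case, so an EAP identity that parses as `ID_RFC822_ADDR` (the usual user@realm form) is still published as `email-address`. The remaining cases lie outside this hunk, but nothing visible suggests they look at the flag either. If every EAP identity is meant to be classified as a username, the decision should be taken once, before or after the switch, for example `if (is_user) id_type = "username";` placed after it, provided nothing later in the function depends on the per-type value. If only FQDN-shaped identities are intended, the function comment should say so; it still reads just "Create an identity" and does not mention the new parameter.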
@@ -333,9 +333,9 @@ static axiom_node_t* create_delete_filter(private_tnc_ifmap_soap_t *this,
        return node;
 }
 
-METHOD(tnc_ifmap_soap_t, publish, bool,
+METHOD(tnc_ifmap_soap_t, publish_ike_sa, bool,
        private_tnc_ifmap_soap_t *this, u_int32_t ike_sa_id, identification_t *id,
-       host_t *host, bool up)
+       bool is_user, host_t *host, bool up)
 {
        axiom_node_t *request, *node;
        axiom_element_t *el;
@@ -368,7 +368,7 @@ METHOD(tnc_ifmap_soap_t, publish, bool,
        axiom_node_add_child(node, this->env,
                                                         create_access_request(this, ike_sa_id));
        axiom_node_add_child(node, this->env,
-                                                        create_identity(this, id));
+                                                        create_identity(this, id, is_user));
        if (up)
        {
                axiom_node_add_child(node, this->env,
@@ -501,7 +501,7 @@ tnc_ifmap_soap_t *tnc_ifmap_soap_create()
                .public = {
                        .newSession = _newSession,
                        .purgePublisher = _purgePublisher,
-                       .publish = _publish,
+                       .publish_ike_sa = _publish_ike_sa,
                        .endSession = _endSession,
                        .destroy = _destroy,
                },
index ca43011..9d24425 100644 (file)
@@ -50,13 +50,15 @@ struct tnc_ifmap_soap_t {
         *
         * @param ike_sa_id             unique IKE_SA id
         * @param id                    id of remote endpoint
+        * @param is_user               TRUE if id is an EAP username
         * @param host                  IP address of remote endpoint
         * @param up                    TRUE if IKE_SEA is up, FALSE if down
         * @return                              TRUE if command was successful
         */
 
-       bool (*publish)(tnc_ifmap_soap_t *this,  u_int32_t ike_sa_id,
-                                       identification_t *id, host_t *host, bool up);
+       bool (*publish_ike_sa)(tnc_ifmap_soap_t *this,  u_int32_t ike_sa_id,
+                                                  identification_t *id, bool is_user,
+                                                  host_t *host, bool up);
 
        /**
         * Ends an IF-MAP session
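Review bot: The `@param id` text still reads "id of remote endpoint", but the listener now passes the result of get_other_eap_id() in that position, so the documented contract of publish_ike_sa() is stale. Something like `@param id  EAP identity of remote endpoint if available, IKE identity otherwise` would match the caller. The description of `up` on the context line also carries a typo (`IKE_SEA`). As a style point, `is_user` and `up` are two positional bools separated only by `host`, which is easy to transpose at a call site without any compiler diagnostic.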