ARG_DISBL_SET([xauth-generic], [disable generic XAuth backend.])
ARG_ENABL_SET([xauth-eap], [enable XAuth backend using EAP methods to verify passwords.])
ARG_ENABL_SET([xauth-pam], [enable XAuth backend using PAM to verify passwords.])
+ARG_ENABL_SET([xauth-noauth], [enable XAuth pseudo-backend that does not actually verify or even request any credentials.])
ARG_ENABL_SET([tnc-ifmap], [enable TNC IF-MAP module.])
ARG_ENABL_SET([tnc-pdp], [enable TNC policy decision point module.])
ARG_ENABL_SET([tnc-imc], [enable TNC IMC module.])
ADD_PLUGIN([xauth-generic], [c charon])
ADD_PLUGIN([xauth-eap], [c charon])
ADD_PLUGIN([xauth-pam], [c charon])
+ADD_PLUGIN([xauth-noauth], [c charon])
ADD_PLUGIN([tnc-ifmap], [c charon])
ADD_PLUGIN([tnc-pdp], [c charon])
ADD_PLUGIN([tnc-imc], [c charon])
AM_CONDITIONAL(USE_XAUTH_GENERIC, test x$xauth_generic = xtrue)
AM_CONDITIONAL(USE_XAUTH_EAP, test x$xauth_eap = xtrue)
AM_CONDITIONAL(USE_XAUTH_PAM, test x$xauth_pam = xtrue)
+AM_CONDITIONAL(USE_XAUTH_NOAUTH, test x$xauth_noauth = xtrue)
AM_CONDITIONAL(USE_TNC_IFMAP, test x$tnc_ifmap = xtrue)
AM_CONDITIONAL(USE_TNC_PDP, test x$tnc_pdp = xtrue)
AM_CONDITIONAL(USE_TNC_IMC, test x$tnc_imc = xtrue)
src/libcharon/plugins/xauth_generic/Makefile
src/libcharon/plugins/xauth_eap/Makefile
src/libcharon/plugins/xauth_pam/Makefile
+ src/libcharon/plugins/xauth_noauth/Makefile
src/libcharon/plugins/tnc_ifmap/Makefile
src/libcharon/plugins/tnc_pdp/Makefile
src/libcharon/plugins/tnc_imc/Makefile
libcharon_la_LIBADD += plugins/xauth_pam/libstrongswan-xauth-pam.la
endif
endif
+
+if USE_XAUTH_NOAUTH
+ SUBDIRS += plugins/xauth_noauth
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/xauth_noauth/libstrongswan-xauth-noauth.la
+endif
+endif
--- /dev/null
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-xauth-noauth.la
+else
+plugin_LTLIBRARIES = libstrongswan-xauth-noauth.la
+endif
+
+libstrongswan_xauth_noauth_la_SOURCES = \
+ xauth_noauth_plugin.h xauth_noauth_plugin.c \
+ xauth_noauth.h xauth_noauth.c
+
+libstrongswan_xauth_noauth_la_LDFLAGS = -module -avoid-version
--- /dev/null
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "xauth_noauth.h"
+
+#include <daemon.h>
+#include <library.h>
+
+typedef struct private_xauth_noauth_t private_xauth_noauth_t;
+
+/**
+ * Private data of an xauth_noauth_t object.
+ */
+struct private_xauth_noauth_t {
+
+ /**
+ * Public interface.
+ */
+ xauth_noauth_t public;
+
+ /**
+ * ID of the peer (not really used here)
+ */
+ identification_t *peer;
+
+};
+
+METHOD(xauth_method_t, initiate, status_t,
+ private_xauth_noauth_t *this, cp_payload_t **out)
+{
+ /* XAuth task handles the details for us */
+ return SUCCESS;
+}
+
+METHOD(xauth_method_t, process, status_t,
+ private_xauth_noauth_t *this, cp_payload_t *in, cp_payload_t **out)
+{
+ /* this should never be called */
+ return FAILED;
+}
+
+METHOD(xauth_method_t, get_identity, identification_t*,
+ private_xauth_noauth_t *this)
+{
+ /* this should never be called, but lets still return a valid ID */
+ return this->peer;
+}
+
+METHOD(xauth_method_t, destroy, void,
+ private_xauth_noauth_t *this)
+{
+ this->peer->destroy(this->peer);
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+xauth_noauth_t *xauth_noauth_create_server(identification_t *server,
+ identification_t *peer)
+{
+ private_xauth_noauth_t *this;
+
+ INIT(this,
+ .public = {
+ .xauth_method = {
+ .initiate = _initiate,
+ .process = _process,
+ .get_identity = _get_identity,
+ .destroy = _destroy,
+ },
+ },
+ .peer = identification_create_from_string("%any"),
+ );
+
+ return &this->public;
+}
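Review bot: `xauth_noauth_create_server` ignores both `server` and `peer` and always stores a fresh `%any` identity, so the field comment `ID of the peer (not really used here)` and the header's `@param peer ID of the XAuth client` read as if a client identity were kept when none is. I would reword the field comment to `Placeholder %any identity; no client ID is learned because no credentials are requested` and mark both parameters as unused in the header's doc comment. If any caller does consult `get_identity()` for authorization or accounting, it will see `%any` rather than a user name, which is worth stating on `get_identity` as well.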
--- /dev/null
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup xauth_noauth_i xauth_noauth
+ * @{ @ingroup xauth_noauth
+ */
+
+#ifndef XAUTH_NOAUTH_H_
+#define XAUTH_NOAUTH_H_
+
+typedef struct xauth_noauth_t xauth_noauth_t;
+
+#include <sa/xauth/xauth_method.h>
+
+/**
+ * Implementation of the xauth_method_t interface that does not actually do
+ * any authentication but simply concludes the XAuth exchange successfully.
+ */
+struct xauth_noauth_t {
+
+ /**
+ * Implemented xauth_method_t interface.
+ */
+ xauth_method_t xauth_method;
+};
+
+/**
+ * Creates the noauth XAuth method, acting as server.
+ *
+ * @param server ID of the XAuth server
+ * @param peer ID of the XAuth client
+ * @return xauth_noauth_t object
+ */
+xauth_noauth_t *xauth_noauth_create_server(identification_t *server,
+ identification_t *peer);
+
+#endif /** XAUTH_NOAUTH_H_ @}*/
--- /dev/null
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "xauth_noauth_plugin.h"
+#include "xauth_noauth.h"
+
+#include <daemon.h>
+
+METHOD(plugin_t, get_name, char*,
+ xauth_noauth_plugin_t *this)
+{
+ return "xauth-noauth";
+}
+
+METHOD(plugin_t, get_features, int,
+ xauth_noauth_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_CALLBACK(xauth_method_register, xauth_noauth_create_server),
+ PLUGIN_PROVIDE(XAUTH_SERVER, "noauth"),
+ };
+ *features = f;
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ xauth_noauth_plugin_t *this)
+{
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *xauth_noauth_plugin_create()
+{
+ xauth_noauth_plugin_t *this;
+
+ INIT(this,
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
+ );
+
+ return &this->plugin;
+}
--- /dev/null
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup xauth_noauth xauth_noauth
+ * @ingroup cplugins
+ *
+ * @defgroup xauth_noauth_plugin xauth_noauth_plugin
+ * @{ @ingroup xauth_noauth
+ */
+
+#ifndef XAUTH_NOAUTH_PLUGIN_H_
+#define XAUTH_NOAUTH_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct xauth_noauth_plugin_t xauth_noauth_plugin_t;
+
+/**
+ * XAuth plugin that does not actually do any authentication but simply
+ * concludes the XAuth exchange successfully. This could be used to implement
+ * basic RSA authentication in cases where the client does not offer an option
+ * to disable XAuth.
+ */
+struct xauth_noauth_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** XAUTH_NOAUTH_PLUGIN_H_ @}*/
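Review bot: The doc comment on `xauth_noauth_plugin_t` names the use case but not the security precondition: with this backend the XAuth round adds nothing, so the peer is authenticated only by the first (RSA) round. I would add a sentence such as `Only use this with strong per-peer authentication in the first round; combined with a shared group secret, anyone holding that secret is accepted.` That makes the trade-off visible to whoever enables the plugin from the generated documentation.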
return NEED_MORE;
}
+METHOD(task_t, process_i_status, status_t,
+ private_xauth_t *this, message_t *message)
+{
+ cp_payload_t *cp;
+
+ cp = (cp_payload_t*)message->get_payload(message, CONFIGURATION_V1);
+ if (!cp || cp->get_type(cp) != CFG_ACK)
+ {
+ DBG1(DBG_IKE, "received invalid XAUTH status response");
+ return FAILED;
+ }
+ if (this->status != XAUTH_OK)
+ {
+ DBG1(DBG_IKE, "destroying IKE_SA after failed XAuth authentication");
+ return FAILED;
+ }
+ if (!establish(this))
+ {
+ return FAILED;
+ }
+ this->ike_sa->set_condition(this->ike_sa, COND_XAUTH_AUTHENTICATED, TRUE);
+ lib->processor->queue_job(lib->processor, (job_t*)
+ adopt_children_job_create(this->ike_sa->get_id(this->ike_sa)));
+ return SUCCESS;
+}
+
METHOD(task_t, build_i, status_t,
private_xauth_t *this, message_t *message)
{
if (!this->xauth)
{
- cp_payload_t *cp;
+ cp_payload_t *cp = NULL;
this->xauth = load_method(this);
if (!this->xauth)
{
return FAILED;
}
- if (this->xauth->initiate(this->xauth, &cp) != NEED_MORE)
+ switch (this->xauth->initiate(this->xauth, &cp))
{
- return FAILED;
+ case NEED_MORE:
+ break;
+ case SUCCESS:
+ DESTROY_IF(cp);
+ this->status = XAUTH_OK;
+ this->public.task.process = _process_i_status;
+ return build_i_status(this, message);
+ default:
+ return FAILED;
}
message->add_payload(message, (payload_t *)cp);
return NEED_MORE;
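Review bot: The `case SUCCESS:` branch of `build_i` sets `XAUTH_OK` and switches to `_process_i_status` without logging anything, and `process_i_status` then sets `COND_XAUTH_AUTHENTICATED`, so an SA that never exchanged credentials looks the same in the log and in its conditions as one that did. I would add `DBG1(DBG_IKE, "XAuth method concluded without requesting credentials");` before `this->status = XAUTH_OK;`, plus a comment on the case stating that SUCCESS from `initiate()` means no exchange is needed. Whether an XAuth authentication round is recorded on this path is not visible here and should be checked against what happens after `process()` succeeds. `build_i` continues outside the hunk.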
return NEED_MORE;
}
-METHOD(task_t, process_i_status, status_t,
- private_xauth_t *this, message_t *message)
-{
- cp_payload_t *cp;
-
- cp = (cp_payload_t*)message->get_payload(message, CONFIGURATION_V1);
- if (!cp || cp->get_type(cp) != CFG_ACK)
- {
- DBG1(DBG_IKE, "received invalid XAUTH status response");
- return FAILED;
- }
- if (this->status != XAUTH_OK)
- {
- DBG1(DBG_IKE, "destroying IKE_SA after failed XAuth authentication");
- return FAILED;
- }
- if (!establish(this))
- {
- return FAILED;
- }
- this->ike_sa->set_condition(this->ike_sa, COND_XAUTH_AUTHENTICATED, TRUE);
- lib->processor->queue_job(lib->processor, (job_t*)
- adopt_children_job_create(this->ike_sa->get_id(this->ike_sa)));
- return SUCCESS;
-}
-
METHOD(task_t, process_i, status_t,
private_xauth_t *this, message_t *message)
{