starter: Parse authby as string.
authorTobias Brunner <tobias@strongswan.org>
Mon, 14 May 2012 15:36:46 +0000 (17:36 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 11 Jun 2012 15:33:30 +0000 (17:33 +0200)
src/starter/args.c
src/starter/confread.c
src/starter/confread.h
src/starter/starterstroke.c

index 00d66ea..3360646 100644 (file)
@@ -155,6 +155,20 @@ static const char *LST_klipsdebug[] = {
         NULL
 };
 
+static const char *LST_authby[] = {
+       "psk",
+       "secret",
+       "pubkey",
+       "rsa",
+       "rsasig",
+       "ecdsa",
+       "ecdsasig",
+       "xauthpsk",
+       "xauthrsasig",
+       "never",
+        NULL
+};
+
 typedef struct {
        arg_t       type;
        size_t      offset;
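Review bot: LST_authby holds only single tokens, so the combined forms `secret|rsasig` and `rsasig|secret` that the removed KW_AUTHBY handler in confread.c explicitly accepted (its comment reads "also handles the cases secret|rsasig and rsasig|secret") have no entry. If the ARG_STR path in args.c validates the value against the list the way ARG_ENUM entries are, existing configs using those forms will now be rejected as bad values; if it does not, the value is stored verbatim and none of the streq() branches in starter_stroke_add_conn match it, so the connection is loaded with neither auth field set and no diagnostic. Either outcome should be a stated decision in the commit message, or `"secret|rsasig"` and `"rsasig|secret"` added to the table so the mapping code can keep handling them. The same concern applies to the table entry for KW_AUTHBY in the next hunk and to the deleted block in confread.c. As a point of style, the `NULL` terminator is indented with spaces while the entries use tabs, mirroring the LST_klipsdebug table above it.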
@@ -206,7 +220,7 @@ static const token_info_t token_info[] =
        { ARG_ENUM, offsetof(starter_conn_t, install_policy), LST_bool                 },
        { ARG_ENUM, offsetof(starter_conn_t, aggressive), LST_bool                     },
        { ARG_MISC, 0, NULL  /* KW_AUTH */                                             },
-       { ARG_MISC, 0, NULL  /* KW_AUTHBY */                                           },
+       { ARG_STR,  offsetof(starter_conn_t, authby), LST_authby                       },
        { ARG_STR,  offsetof(starter_conn_t, eap_identity), NULL                       },
        { ARG_STR,  offsetof(starter_conn_t, aaa_identity), NULL                       },
        { ARG_MISC, 0, NULL  /* KW_MOBIKE */                                           },
index 47afc55..d78db5b 100644 (file)
@@ -588,56 +588,6 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
                case KW_AUTH:
                        KW_POLICY_FLAG("ah", "esp", POLICY_AUTHENTICATE)
                        break;
-               case KW_AUTHBY:
-                       conn->policy &= ~(POLICY_ID_AUTH_MASK | POLICY_ENCRYPT);
-
-                       if (!streq(kw->value, "never"))
-                       {
-                               char *value = kw->value;
-                               char *second = strchr(kw->value, '|');
-
-                               if (second != NULL)
-                               {
-                                       *second = '\0';
-                               }
-
-                               /* also handles the cases secret|rsasig and rsasig|secret */
-                               for (;;)
-                               {
-                                       if (streq(value, "rsa")   || streq(value, "rsasig")   ||
-                                               streq(value, "ecdsa") || streq(value, "ecdsasig") ||
-                                               streq(value, "pubkey"))
-                                       {
-                                               conn->policy |= POLICY_PUBKEY | POLICY_ENCRYPT;
-                                       }
-                                       else if (streq(value, "secret") || streq(value, "psk"))
-                                       {
-                                               conn->policy |= POLICY_PSK | POLICY_ENCRYPT;
-                                       }
-                                       else if (streq(value, "xauthrsasig"))
-                                       {
-                                               conn->policy |= POLICY_XAUTH_RSASIG | POLICY_ENCRYPT;
-                                       }
-                                       else if (streq(value, "xauthpsk"))
-                                       {
-                                               conn->policy |= POLICY_XAUTH_PSK | POLICY_ENCRYPT;
-                                       }
-                                       else
-                                       {
-                                               DBG1(DBG_APP, "# bad policy value: %s=%s",
-                                                        kw->entry->name, kw->value);
-                                               cfg->err++;
-                                               break;
-                                       }
-                                       if (second == NULL)
-                                       {
-                                               break;
-                                       }
-                                       value = second;
-                                       second = NULL; /* traverse the loop no more than twice */
-                               }
-                       }
-                       break;
                case KW_MARK:
                        if (!handle_mark(kw->value, &conn->mark_in))
                        {
index c142961..0907997 100644 (file)
@@ -111,14 +111,15 @@ struct starter_conn {
                char            *eap_identity;
                char            *aaa_identity;
                char            *xauth_identity;
+               char            *authby;
                lset_t          policy;
                time_t          sa_ike_life_seconds;
                time_t          sa_ipsec_life_seconds;
                time_t          sa_rekey_margin;
-               u_int64_t       sa_ipsec_life_bytes;
-               u_int64_t       sa_ipsec_margin_bytes;
-               u_int64_t       sa_ipsec_life_packets;
-               u_int64_t       sa_ipsec_margin_packets;
+               u_int64_t       sa_ipsec_life_bytes;
+               u_int64_t       sa_ipsec_margin_bytes;
+               u_int64_t       sa_ipsec_life_packets;
+               u_int64_t       sa_ipsec_margin_packets;
                unsigned long   sa_keying_tries;
                unsigned long   sa_rekey_fuzz;
                u_int32_t       reqid;
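Review bot: The new `char *authby;` member joins the other string fields of starter_conn, but nothing in this diff shows the value being released when a connection is torn down. If the ARG_STR handler in args.c duplicates the keyword value into `conn->authby`, as it presumably does for eap_identity and aaa_identity, the free path for starter_conn in confread.c needs a matching release — that code is outside these hunks and should be checked. A short comment on the field would also help readers, e.g. `char *authby; /* legacy authby= value; mapped to left/rightauth in starterstroke.c when neither is set */`. The u_int64_t lines following it are whitespace-only changes.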
@@ -171,7 +172,7 @@ struct starter_ca {
                char            *crluri2;
                char            *ocspuri;
                char            *ocspuri2;
-               char        *certuribase;
+               char            *certuribase;
 
                bool            strict;
 
index bef7ede..6cd9b6c 100644 (file)
@@ -270,19 +270,22 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
        starter_stroke_add_end(&msg, &msg.add_conn.me, &conn->left);
        starter_stroke_add_end(&msg, &msg.add_conn.other, &conn->right);
 
-       if (!msg.add_conn.me.auth && !msg.add_conn.other.auth)
+       if (!msg.add_conn.me.auth && !msg.add_conn.other.auth &&
+                conn->authby)
        {       /* leftauth/rightauth not set, use legacy options */
-               if (conn->policy & POLICY_PUBKEY)
+               if (streq(conn->authby, "rsa")   || streq(conn->authby, "rsasig")   ||
+                       streq(conn->authby, "ecdsa") || streq(conn->authby, "ecdsasig") ||
+                       streq(conn->authby, "pubkey"))
                {
                        msg.add_conn.me.auth = push_string(&msg, "pubkey");
                        msg.add_conn.other.auth = push_string(&msg, "pubkey");
                }
-               else if (conn->policy & POLICY_PSK)
+               else if (streq(conn->authby, "secret") || streq(conn->authby, "psk"))
                {
                        msg.add_conn.me.auth = push_string(&msg, "psk");
                        msg.add_conn.other.auth = push_string(&msg, "psk");
                }
-               else if (conn->policy & POLICY_XAUTH_RSASIG)
+               else if (streq(conn->authby, "xauthrsasig"))
                {
                        msg.add_conn.me.auth = push_string(&msg, "pubkey");
                        msg.add_conn.other.auth = push_string(&msg, "pubkey");
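Review bot: The streq() chain on conn->authby duplicates the token list in LST_authby (args.c) and, as far as these hunks show, has no terminal else, so a value that matches no branch — `never`, or any string the args.c parser let through — leaves both msg.add_conn.me.auth and msg.add_conn.other.auth unset with no message, where the removed confread.c code at least reported unknown values via `cfg->err`. Since this selects the authentication method the connection is loaded with, a final branch after the xauthpsk case would make the fall-through visible: `else if (!streq(conn->authby, "never")) { DBG1(DBG_APP, "# unknown authby value: %s", conn->authby); }` (assuming DBG1 is usable in this file as it is in confread.c). Longer term, a small table mapping each authby token to its auth/auth2 strings would keep this chain and LST_authby from drifting apart. The same chain continues in the next hunk (the xauthpsk branch); starter_stroke_add_conn starts and ends outside both hunks.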
@@ -295,7 +298,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
                                msg.add_conn.me.auth2 = push_string(&msg, "xauth");
                        }
                }
-               else if (conn->policy & POLICY_XAUTH_PSK)
+               else if (streq(conn->authby, "xauthpsk"))
                {
                        msg.add_conn.me.auth = push_string(&msg, "psk");
                        msg.add_conn.other.auth = push_string(&msg, "psk");