* find a matching secret
*/
static bool
-xauth_verify_secret(const char *conn_name, const xauth_t *xauth_secret)
+xauth_verify_secret(const xauth_peer_t *peer, const xauth_t *xauth_secret)
{
bool found = FALSE;
secret_t *s;
}
else
{
+ xauth_peer_t peer;
+
+ peer.conn_name = st->st_connection->name;
+ addrtot(&md->sender, 0, peer.ip_address, sizeof(peer.ip_address));
+ idtoa(&md->st->st_connection->spd.that.id, peer.id, sizeof(peer.id));
+
DBG(DBG_CONTROL,
DBG_log("peer xauth user name is '%.*s'"
, ia.xauth_secret.user_name.len
, ia.xauth_secret.user_password.len
, ia.xauth_secret.user_password.ptr)
)
- /* verify the user credentials using a plugn function */
- st->st_xauth.status = xauth_module.verify_secret(st->st_connection->name
- , &ia.xauth_secret);
+ /* verify the user credentials using a plugin function */
+ st->st_xauth.status = xauth_module.verify_secret(&peer, &ia.xauth_secret);
plog("extended authentication %s", st->st_xauth.status? "was successful":"failed");
}
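Review bot: `peer` is declared without an initializer and the return values of `addrtot()` and `idtoa()` are ignored, so if either call fails without writing its buffer (not visible from here), `verify_secret` gets indeterminate bytes in `peer.ip_address` or `peer.id`, and that plugin makes the authentication decision. Declaring it as `xauth_peer_t peer = { 0 };` keeps both buffers NUL-terminated on every path. The ID is read through `md->st->st_connection` while the connection name comes from `st->st_connection`; unless both are guaranteed to be the same state here (the enclosing function starts and ends outside the hunk), use `&st->st_connection->spd.that.id` so name and ID describe the same connection. Separately, the unchanged `DBG_log` context just above passes `user_password` to the debug log, which places the cleartext credential in log output whenever `DBG_CONTROL` is enabled.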
DBG_log("xauth module: found get_secret() function");
}
)
- xauth_module.verify_secret = (bool (*) (const char*, const xauth_t*))
+ xauth_module.verify_secret = (bool (*) (const xauth_peer_t*, const xauth_t*))
dlsym(xauth_module.handle, "verify_secret");
DBG(DBG_CONTROL,
if (xauth_module.verify_secret != NULL)
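Review bot: `dlsym()` resolves `verify_secret` by name only, so a plugin built against the old `(const char *, const xauth_t *)` prototype still loads after this change and would be called with an `xauth_peer_t *` that it treats as a connection-name string. Because this callback decides whether XAUTH succeeds, the mismatch should be detectable at load time rather than silent, for instance by exporting the new entry point under a different symbol name or by checking a plugin-provided ABI version before accepting the handle; neither is visible in this hunk. At minimum add a comment above the cast such as `/* ABI: verify_secret now takes const xauth_peer_t *; plugins built against the old prototype must be rebuilt */`. The enclosing function starts and ends outside the hunk.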
#ifndef _XAUTH_H
#define _XAUTH_H
+#include <freeswan.h>
+#include "defs.h"
+
/* XAUTH credentials */
struct chunk_t;
typedef struct {
+ char *conn_name;
+ char id[BUF_LEN];
+ char ip_address[ADDRTOT_BUF];
+} xauth_peer_t;
+
+typedef struct {
chunk_t user_name;
chunk_t user_password;
} xauth_t;
typedef struct {
void *handle;
bool (*get_secret) (xauth_t *xauth_secret);
- bool (*verify_secret) (const char *conn_name, const xauth_t *xauth_secret);
+ bool (*verify_secret) (const xauth_peer_t *peer, const xauth_t *xauth_secret);
} xauth_module_t;
extern xauth_module_t xauth_module;
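Review bot: `conn_name` in the new `xauth_peer_t` is a non-const `char *`, although the caller only stores a borrowed pointer to the connection's name. Even with the callback taking `const xauth_peer_t *`, a plugin can still write through that pointer, so declare it `const char *conn_name;`. The struct also lacks a comment stating that `conn_name` is borrowed and valid only for the duration of the call, and that `id` and `ip_address` are NUL-terminated text forms filled by `idtoa()` and `addrtot()`. Its layout now depends on `BUF_LEN` and `ADDRTOT_BUF`, so plugins must be compiled against the same `defs.h` and `freeswan.h` as the daemon, which is worth stating in the header.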