Synchronize EAP-Identity of remote peer
authorMartin Willi <martin@revosec.ch>
Mon, 26 Jul 2010 13:10:54 +0000 (15:10 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 26 Jul 2010 13:10:54 +0000 (15:10 +0200)
src/libcharon/plugins/ha/ha_dispatcher.c
src/libcharon/plugins/ha/ha_ike.c
src/libcharon/plugins/ha/ha_message.c
src/libcharon/plugins/ha/ha_message.h

index 3c41466..51dee4d 100644 (file)
@@ -243,6 +243,7 @@ static void process_ike_update(private_ha_dispatcher_t *this,
        enumerator_t *enumerator;
        ike_sa_t *ike_sa = NULL;
        peer_cfg_t *peer_cfg = NULL;
+       auth_cfg_t *auth;
 
        enumerator = message->create_attribute_enumerator(message);
        while (enumerator->enumerate(enumerator, &attribute, &value))
@@ -264,6 +265,11 @@ static void process_ike_update(private_ha_dispatcher_t *this,
                        case HA_REMOTE_ID:
                                ike_sa->set_other_id(ike_sa, value.id->clone(value.id));
                                break;
+                       case HA_REMOTE_EAP_ID:
+                               auth = auth_cfg_create();
+                               auth->add(auth, AUTH_RULE_EAP_IDENTITY, value.id->clone(value.id));
+                               ike_sa->add_auth_cfg(ike_sa, FALSE, auth);
+                               break;
                        case HA_LOCAL_ADDR:
                                ike_sa->set_my_host(ike_sa, value.host->clone(value.host));
                                break;
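Review bot: The new `HA_REMOTE_EAP_ID` case attaches the identity taken from the sync message to the mirrored IKE_SA as an `AUTH_RULE_EAP_IDENTITY`, but nothing here records that this node never verified it itself. After a failover, anything that matches on the EAP identity relies on that value, so it is only as trustworthy as the HA sync channel; I would add a comment such as `/* EAP identity as reported by the active node, not authenticated locally; relies on a protected HA channel */`. Each occurrence of the attribute also appends a fresh `auth_cfg_t` through `add_auth_cfg()`, so a message carrying it twice would stack auth rounds; whether that can happen depends on the sender and on code not shown here. The enclosing switch and any NULL check on `ike_sa` lie outside the hunk.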
index c7a7c58..67df391 100644 (file)
@@ -148,6 +148,7 @@ METHOD(listener_t, ike_updown, bool,
                u_int32_t extension, condition;
                host_t *addr;
                ike_sa_id_t *id;
+               identification_t *eap_id;
 
                peer_cfg = ike_sa->get_peer_cfg(ike_sa);
 
@@ -169,6 +170,11 @@ METHOD(listener_t, ike_updown, bool,
                m->add_attribute(m, HA_IKE_ID, id);
                m->add_attribute(m, HA_LOCAL_ID, ike_sa->get_my_id(ike_sa));
                m->add_attribute(m, HA_REMOTE_ID, ike_sa->get_other_id(ike_sa));
+               eap_id = ike_sa->get_other_eap_id(ike_sa);
+               if (!eap_id->equals(eap_id, ike_sa->get_other_id(ike_sa)))
+               {
+                       m->add_attribute(m, HA_REMOTE_EAP_ID, eap_id);
+               }
                m->add_attribute(m, HA_LOCAL_ADDR, ike_sa->get_my_host(ike_sa));
                m->add_attribute(m, HA_REMOTE_ADDR, ike_sa->get_other_host(ike_sa));
                m->add_attribute(m, HA_CONDITIONS, condition);
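Review bot: `eap_id` is dereferenced at `eap_id->equals(...)` without a NULL check, so this is safe only if `get_other_eap_id()` always returns an identity. The comparison with `get_other_id()` suggests the getter falls back to the IKE identity when no EAP round took place, but the getter is not part of this diff. Either guard the call, `if (eap_id && !eap_id->equals(eap_id, ike_sa->get_other_id(ike_sa)))`, or state the contract in a comment such as `/* get_other_eap_id() never returns NULL; sync it only when it differs from the IKE identity */`. The body of `ike_updown` continues outside the hunk.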
index 16e214b..7ce9cbe 100644 (file)
@@ -163,6 +163,7 @@ METHOD(ha_message_t, add_attribute, void,
                /* identification_t* */
                case HA_LOCAL_ID:
                case HA_REMOTE_ID:
+               case HA_REMOTE_EAP_ID:
                {
                        identification_encoding_t *enc;
                        identification_t *id;
@@ -360,6 +361,7 @@ METHOD(enumerator_t, attribute_enumerate, bool,
                /* identification_t* */
                case HA_LOCAL_ID:
                case HA_REMOTE_ID:
+               case HA_REMOTE_EAP_ID:
                {
                        identification_encoding_t *enc;
 
index 4034dbe..50e1183 100644 (file)
@@ -82,6 +82,8 @@ enum ha_message_attribute_t {
        HA_LOCAL_ID,
        /** identification_t*, remote identity */
        HA_REMOTE_ID,
+       /** identification_t*, remote EAP identity */
+       HA_REMOTE_EAP_ID,
        /** host_t*, local address */
        HA_LOCAL_ADDR,
        /** host_t*, remote address */
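Review bot: `HA_REMOTE_EAP_ID` is inserted in the middle of `ha_message_attribute_t`, which renumbers `HA_LOCAL_ADDR` and every enumerator after it. If these values are written to the wire as attribute types (the encoder and parser in ha_message.c switch on them), two nodes built from different revisions would disagree on the type of each later attribute, and the parser could decode, for example, an identity payload as a host. Appending the new enumerator at the end of the enum, or bumping the HA message version if one exists, avoids that in a mixed-version cluster. The end of the enum and any version check are outside this hunk.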