Pass ipsec.conf xauth_identity option via stroke to charon configurations

diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index fec28c1ef6a40e66725ce3694b83a21e202c6bac..c4b218d1bf3d0e1c1d17c334fbc91e536f30ddb1 100644 (file)
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -479,6 +479,11 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
                        cfg->add(cfg, AUTH_RULE_XAUTH_BACKEND, strdup(++pos));
                }
                cfg->add(cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_XAUTH);
+               if (msg->add_conn.xauth_identity)
+               {
+                       cfg->add(cfg, AUTH_RULE_XAUTH_IDENTITY,
+                               identification_create_from_string(msg->add_conn.xauth_identity));
+               }
        }
        else if (strneq(auth, "eap", 3))
        {

diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index 0f7a6040f8d83b257e7e629127150e24615a95b9..7a14be0cf51d31add7af00a03b39c152033b24b5 100644 (file)
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -181,12 +181,14 @@ static void stroke_add_conn(private_stroke_socket_t *this, stroke_msg_t *msg)
        pop_end(msg, "right", &msg->add_conn.other);
        pop_string(msg, &msg->add_conn.eap_identity);
        pop_string(msg, &msg->add_conn.aaa_identity);
+       pop_string(msg, &msg->add_conn.xauth_identity);
        pop_string(msg, &msg->add_conn.algorithms.ike);
        pop_string(msg, &msg->add_conn.algorithms.esp);
        pop_string(msg, &msg->add_conn.ikeme.mediated_by);
        pop_string(msg, &msg->add_conn.ikeme.peerid);
        DBG2(DBG_CFG, "  eap_identity=%s", msg->add_conn.eap_identity);
        DBG2(DBG_CFG, "  aaa_identity=%s", msg->add_conn.aaa_identity);
+       DBG2(DBG_CFG, "  xauth_identity=%s", msg->add_conn.xauth_identity);
        DBG2(DBG_CFG, "  ike=%s", msg->add_conn.algorithms.ike);
        DBG2(DBG_CFG, "  esp=%s", msg->add_conn.algorithms.esp);
        DBG2(DBG_CFG, "  dpddelay=%d", msg->add_conn.dpd.delay);

diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index e399b1c041afa21770ec216ef91e6b2b0bff0a6e..628d63214b5df8ce6911b7c275dd7d52fa0abd26 100644 (file)
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -220,6 +220,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
        msg.add_conn.eap_vendor = conn->eap_vendor;
        msg.add_conn.eap_identity = push_string(&msg, conn->eap_identity);
        msg.add_conn.aaa_identity = push_string(&msg, conn->aaa_identity);
+       msg.add_conn.xauth_identity = push_string(&msg, conn->xauth_identity);
 
        if (conn->policy & POLICY_TUNNEL)
        {

diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
index f3c525ba7d11ce6998e9027e73e2ec89d4717b43..3350d76033e193bcd9b55951f0d4b0b4211135b3 100644 (file)
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@@ -246,6 +246,7 @@ struct stroke_msg_t {
                        u_int32_t eap_vendor;
                        char *eap_identity;
                        char *aaa_identity;
+                       char *xauth_identity;
                        int mode;
                        int mobike;
                        int force_encap;