vici: Support multiple named raw ublic keys

author Andreas Steffen <andreas.steffen@strongswan.org>

Sat, 9 Jan 2016 23:12:57 +0000 (00:12 +0100)

committer Andreas Steffen <andreas.steffen@strongswan.org>

Sat, 9 Jan 2016 23:12:57 +0000 (00:12 +0100)
author Andreas Steffen <andreas.steffen@strongswan.org>
Sat, 9 Jan 2016 23:12:57 +0000 (00:12 +0100)
committer Andreas Steffen <andreas.steffen@strongswan.org>
Sat, 9 Jan 2016 23:12:57 +0000 (00:12 +0100)
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c

index b0615df5ba3bb486601b58166c713096207aa75d..6cbe5012e977ae14e529295365e4b65eac2d7bdd 100644 (file)
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -1542,39 +1542,43 @@ CALLBACK(peer_sn, bool,
                         .request = peer->request,
                         .cfg = auth_cfg_create(),
                 };
+               auth_rule_t rule;
                 certificate_t *cert;
+               pubkey_cert_t *pubkey_cert;
                 identification_t *id;
+               enumerator_t *enumerator;
+               bool default_id = FALSE;
  
                 if (!message->parse(message, ctx, NULL, auth_kv, auth_li, &auth))
                 {
                         auth.cfg->destroy(auth.cfg);
                         return FALSE;
                 }
-               cert = auth.cfg->get(auth.cfg, AUTH_RULE_SUBJECT_CERT);
                 id   = auth.cfg->get(auth.cfg, AUTH_RULE_IDENTITY);
  
-               if (cert)
+               enumerator = auth.cfg->create_enumerator(auth.cfg);
+               while (enumerator->enumerate(enumerator, &rule, &cert))
                 {
-                       if (id)
+                       if (rule == AUTH_RULE_SUBJECT_CERT && !default_id)
                         {
-                               if (cert->get_type(cert) == CERT_TRUSTED_PUBKEY &&
-                                       id->get_type != ID_ANY)
+                               if (id == NULL)
                                 {
-                                       pubkey_cert_t *pubkey_cert;
-
-                                       /* the id is set for informational purposes, only */
+                                       id = cert->get_subject(cert);
+                                       DBG1(DBG_CFG, "  id not specified, defaulting to"
+                                                                 " cert subject '%Y'", id);
+                                       auth.cfg->add(auth.cfg, AUTH_RULE_IDENTITY, id->clone(id));
+                                       default_id = TRUE;
+                               }
+                               else if (cert->get_type(cert) == CERT_TRUSTED_PUBKEY &&
+                                                id->get_type != ID_ANY)
+                               {
+                                       /* set the subject of all raw public keys to the id */
                                         pubkey_cert = (pubkey_cert_t*)cert;
                                         pubkey_cert->set_subject(pubkey_cert, id);
                                 }
                         }
-                       else
-                       {
-                               id = cert->get_subject(cert);
-                               DBG1(DBG_CFG, "  id not specified, defaulting to cert id '%Y'",
-                                        id);
-                               auth.cfg->add(auth.cfg, AUTH_RULE_IDENTITY, id->clone(id));
-                       }
                 }
+               enumerator->destroy(enumerator);
  
                 if (strcasepfx(name, "local"))
                 {
author	Andreas Steffen <andreas.steffen@strongswan.org>
	Sat, 9 Jan 2016 23:12:57 +0000 (00:12 +0100)
committer	Andreas Steffen <andreas.steffen@strongswan.org>
	Sat, 9 Jan 2016 23:12:57 +0000 (00:12 +0100)