vici: Introduce a ca_id option identity based CA certificate constraints
authorMartin Willi <martin@strongswan.org>
Thu, 28 Nov 2019 09:09:30 +0000 (10:09 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 6 Dec 2019 09:07:46 +0000 (10:07 +0100)
src/libcharon/plugins/vici/vici_config.c
src/libcharon/plugins/vici/vici_query.c

index 49ebea44b04a5c56f41de5c0e0fad6b57d4eee04..1bbad139eeb97b300c51a1538a197be08fd0d2ea 100644 (file)
@@ -373,6 +373,9 @@ static void log_auth(auth_cfg_t *auth)
                        case AUTH_RULE_IDENTITY:
                                DBG2(DBG_CFG, "   id = %Y", v.id);
                                break;
+                       case AUTH_RULE_CA_IDENTITY:
+                               DBG2(DBG_CFG, "   ca_id = %Y", v.id);
+                               break;
                        case AUTH_RULE_AAA_IDENTITY:
                                DBG2(DBG_CFG, "   aaa_id = %Y", v.id);
                                break;
@@ -1360,6 +1363,15 @@ CALLBACK(parse_ike_id, bool,
        return parse_id(cfg, AUTH_RULE_IDENTITY, v);
 }
 
+/**
+ * Parse CA identity constraint
+ */
+CALLBACK(parse_ca_id, bool,
+       auth_cfg_t *cfg, chunk_t v)
+{
+       return parse_id(cfg, AUTH_RULE_CA_IDENTITY, v);
+}
+
 /**
  * Parse AAA identity
  */
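Review bot: The doc comment on `parse_ca_id` says only "Parse CA identity constraint" and does not state what the identity is compared against, which matters because this rule names a CA by identity instead of pinning a specific certificate. I would expand it along the lines of `/** Parse CA identity constraint: identity that a CA certificate in the peer's trust chain must carry */`, after confirming the wording against the code that evaluates `AUTH_RULE_CA_IDENTITY`. `parse_id()` is defined outside this hunk, so it is not visible whether an empty value or a wildcard identity is rejected for this rule. If such a value is accepted, the constraint would presumably match any CA and restrict nothing, so the accepted forms are worth checking and naming in the comment.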
@@ -1755,6 +1767,7 @@ CALLBACK(auth_kv, bool,
        parse_rule_t rules[] = {
                { "auth",                       parse_auth,                     auth->cfg                                       },
                { "id",                         parse_ike_id,           auth->cfg                                       },
+               { "ca_id",                      parse_ca_id,            auth->cfg                                       },
                { "aaa_id",                     parse_aaa_id,           auth->cfg                                       },
                { "eap_id",                     parse_eap_id,           auth->cfg                                       },
                { "xauth_id",           parse_xauth_id,         auth->cfg                                       },
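Review bot: The new `"ca_id"` row in the `auth_kv` rule table comes with no operator-facing documentation, since the commit's file list names only vici_config.c and vici_query.c; it may of course be documented in a separate commit. A short comment above the row would help readers of the table, for example `/* identity-based CA constraint, see parse_ca_id() */`. The rest of `auth_kv` lies outside the hunk. If this table serves local as well as remote auth sections, confirm that a `ca_id` given in a local section is either meaningful or rejected, so that an operator does not assume a constraint is enforced when it is not.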
index 81d692c84b01168ae6aefaaa8860cb8ea43ccd47..ad07ff12d04748c7b207a67fff685bc2bf731c3c 100644 (file)
@@ -765,6 +765,9 @@ static void build_auth_cfgs(peer_cfg_t *peer_cfg, bool local, vici_builder_t *b)
                                case AUTH_RULE_IDENTITY:
                                        b->add_kv(b, "id", "%Y", v.id);
                                        break;
+                               case AUTH_RULE_CA_IDENTITY:
+                                       b->add_kv(b, "ca_id", "%Y", v.id);
+                                       break;
                                case AUTH_RULE_AAA_IDENTITY:
                                        b->add_kv(b, "aaa_id", "%Y", v.id);
                                        break;