*/
#include <daemon.h>
+#include <encoding/payloads/auth_payload.h>
+#include <utils/chunk.h>
#include <tkm/types.h>
#include "tkm_listener.h"
const isa_id_type isa_id = keymat->get_isa_id(keymat);
DBG1(DBG_IKE, "TKM authorize listener called for ISA context %llu", isa_id);
+ const chunk_t * const auth = keymat->get_auth_payload(keymat);
+ if (!auth->ptr)
+ {
+ DBG1(DBG_IKE, "no AUTHENTICATION data available");
+ *success = FALSE;
+ }
+
+ DBG1(DBG_IKE, "TKM based authentication successful"
+ " for ISA context %llu", isa_id);
*success = TRUE;
return TRUE;
}
+METHOD(listener_t, message, bool,
+ private_tkm_listener_t *this, ike_sa_t *ike_sa,
+ message_t *message, bool incoming, bool plain)
+{
+ if (!incoming || !plain || message->get_exchange_type(message) != IKE_AUTH)
+ {
+ return TRUE;
+ }
+
+ tkm_keymat_t * const keymat = (tkm_keymat_t*)ike_sa->get_keymat(ike_sa);
+ const isa_id_type isa_id = keymat->get_isa_id(keymat);
+ DBG1(DBG_IKE, "saving AUTHENTICATION payload for authorize hook"
+ " (ISA context %llu)", isa_id);
+
+ auth_payload_t * const auth_payload =
+ (auth_payload_t*)message->get_payload(message, AUTHENTICATION);
+ if (auth_payload)
+ {
+ const chunk_t auth_data = auth_payload->get_data(auth_payload);
+ keymat->set_auth_payload(keymat, &auth_data);
+ }
+ else
+ {
+ DBG1(DBG_IKE, "unable to extract AUTHENTICATION payload, authorize will"
+ " fail");
+ }
+
+ return TRUE;
+}
+
METHOD(tkm_listener_t, destroy, void,
private_tkm_listener_t *this)
{
.public = {
.listener = {
.authorize = _authorize,
+ .message = _message,
},
.destroy = _destroy,
},
projects / thirdparty / strongswan.git / commitdiff
