From: Martin Willi
Date: Thu, 28 Nov 2019 09:09:30 +0000 (+0100)
Subject: vici: Introduce a ca_id option identity based CA certificate constraints
X-Git-Tag: 5.8.2rc1~6^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3c71a3201f5602c86fd7bb0adfb8f06f59b0830d;p=thirdparty%2Fstrongswan.git
vici: Introduce a ca_id option identity based CA certificate constraints
---
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index 49ebea44b0..1bbad139ee 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -373,6 +373,9 @@ static void log_auth(auth_cfg_t *auth)
 case AUTH_RULE_IDENTITY:
 DBG2(DBG_CFG, " id = %Y", v.id);
 break;
+ case AUTH_RULE_CA_IDENTITY:
+ DBG2(DBG_CFG, " ca_id = %Y", v.id);
+ break;
 case AUTH_RULE_AAA_IDENTITY:
 DBG2(DBG_CFG, " aaa_id = %Y", v.id);
 break;
@@ -1360,6 +1363,15 @@ CALLBACK(parse_ike_id, bool,
 return parse_id(cfg, AUTH_RULE_IDENTITY, v);
 }
 
+/**
+ * Parse CA identity constraint
+ */
+CALLBACK(parse_ca_id, bool,
+ auth_cfg_t *cfg, chunk_t v)
+{
+ return parse_id(cfg, AUTH_RULE_CA_IDENTITY, v);
+}
+
 /**
 * Parse AAA identity
 */
@@ -1755,6 +1767,7 @@ CALLBACK(auth_kv, bool,
 parse_rule_t rules[] = {
 { "auth", parse_auth, auth->cfg },
 { "id", parse_ike_id, auth->cfg },
+ { "ca_id", parse_ca_id, auth->cfg },
 { "aaa_id", parse_aaa_id, auth->cfg },
 { "eap_id", parse_eap_id, auth->cfg },
 { "xauth_id", parse_xauth_id, auth->cfg },
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
index 81d692c84b..ad07ff12d0 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
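Review bot: The comment on the new parse_ca_id callback in the second hunk ("Parse CA identity constraint") leaves the security-relevant part of the option undocumented: next to `id`, `aaa_id` and `eap_id` a reader can take `ca_id` as another peer identity, whereas its AUTH_RULE_CA_IDENTITY rule presumably constrains the issuer by identity rather than pinning a specific CA certificate, so any trusted CA whose identity matches satisfies it. I would extend the comment to `/** Parse CA identity constraint: identity a trusted CA in the peer's chain must have (AUTH_RULE_CA_IDENTITY); matches by identity, not by a specific certificate */`, adjusting the wording to what the rule actually enforces, which is defined outside this diff. Whether a malformed identity is rejected is decided in parse_id, also outside the hunk, so this callback adds no validation of its own. The hunk's leading context belongs to parse_ike_id, whose start lies outside the hunk.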
@@ -765,6 +765,9 @@ static void build_auth_cfgs(peer_cfg_t *peer_cfg, bool local, vici_builder_t *b)
 case AUTH_RULE_IDENTITY:
 b->add_kv(b, "id", "%Y", v.id);
 break;
+ case AUTH_RULE_CA_IDENTITY:
+ b->add_kv(b, "ca_id", "%Y", v.id);
+ break;
 case AUTH_RULE_AAA_IDENTITY:
 b->add_kv(b, "aaa_id", "%Y", v.id);
 break;