From: Martin Willi <martin@revosec.ch>
Date: Thu, 15 Dec 2011 12:12:42 +0000 (+0100)
Subject: Pass ipsec.conf xauth_identity option via stroke to charon configurations
X-Git-Tag: 5.0.0~338^2~9^2~196
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=21a4fc832ea64a6abb194a14ee64ff42ca214a44;p=thirdparty%2Fstrongswan.git

Pass ipsec.conf xauth_identity option via stroke to charon configurations
---

diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index fec28c1ef6..c4b218d1bf 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -479,6 +479,11 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
 			cfg->add(cfg, AUTH_RULE_XAUTH_BACKEND, strdup(++pos));
 		}
 		cfg->add(cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_XAUTH);
+		if (msg->add_conn.xauth_identity)
+		{
+			cfg->add(cfg, AUTH_RULE_XAUTH_IDENTITY,
+				identification_create_from_string(msg->add_conn.xauth_identity));
+		}
 	}
 	else if (strneq(auth, "eap", 3))
 	{
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index 0f7a6040f8..7a14be0cf5 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -181,12 +181,14 @@ static void stroke_add_conn(private_stroke_socket_t *this, stroke_msg_t *msg)
 	pop_end(msg, "right", &msg->add_conn.other);
 	pop_string(msg, &msg->add_conn.eap_identity);
 	pop_string(msg, &msg->add_conn.aaa_identity);
+	pop_string(msg, &msg->add_conn.xauth_identity);
 	pop_string(msg, &msg->add_conn.algorithms.ike);
 	pop_string(msg, &msg->add_conn.algorithms.esp);
 	pop_string(msg, &msg->add_conn.ikeme.mediated_by);
 	pop_string(msg, &msg->add_conn.ikeme.peerid);
 	DBG2(DBG_CFG, "  eap_identity=%s", msg->add_conn.eap_identity);
 	DBG2(DBG_CFG, "  aaa_identity=%s", msg->add_conn.aaa_identity);
+	DBG2(DBG_CFG, "  xauth_identity=%s", msg->add_conn.xauth_identity);
 	DBG2(DBG_CFG, "  ike=%s", msg->add_conn.algorithms.ike);
 	DBG2(DBG_CFG, "  esp=%s", msg->add_conn.algorithms.esp);
 	DBG2(DBG_CFG, "  dpddelay=%d", msg->add_conn.dpd.delay);
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index e399b1c041..628d63214b 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -220,6 +220,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
 	msg.add_conn.eap_vendor = conn->eap_vendor;
 	msg.add_conn.eap_identity = push_string(&msg, conn->eap_identity);
 	msg.add_conn.aaa_identity = push_string(&msg, conn->aaa_identity);
+	msg.add_conn.xauth_identity = push_string(&msg, conn->xauth_identity);
 
 	if (conn->policy & POLICY_TUNNEL)
 	{
diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
index f3c525ba7d..3350d76033 100644
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@@ -246,6 +246,7 @@ struct stroke_msg_t {
 			u_int32_t eap_vendor;
 			char *eap_identity;
 			char *aaa_identity;
+			char *xauth_identity;
 			int mode;
 			int mobike;
 			int force_encap;