sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-07 00:01:49 -04:00
Code Issues Projects Releases Wiki Activity

ikev1: Default remote identity to %any for PSK lookup if not configured

Browse Source 
Otherwise, the remote identity is ignored when matching owner identities
of PSKs and this way matching PSKs that explicitly have %any assigned is
improved.

Fixes #2497.
This commit is contained in:
Tobias Brunner 2017-12-20 10:28:31 +01:00
parent a9f3016ef3
commit 419ae9a20a
1 changed files with 30 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
src/libcharon/sa/ikev1/phase1.c
View File

@ -1,6 +1,6 @@
/* /*
* Copyright (C) 2012 Tobias Brunner * Copyright (C) 2012-2017 Tobias Brunner
* Hochschule fuer Technik Rapperswil * HSR Hochschule fuer Technik Rapperswil
* *
* Copyright (C) 2012 Martin Willi * Copyright (C) 2012 Martin Willi
* Copyright (C) 2012 revosec AG * Copyright (C) 2012 revosec AG
@ -101,6 +101,31 @@ static auth_cfg_t *get_auth_cfg(peer_cfg_t *peer_cfg, bool local)
return cfg; return cfg;
} }
/**
* Find a shared key for the given identities
*/
static shared_key_t *find_shared_key(identification_t *my_id, host_t *me,
identification_t *other_id, host_t *other)
{
identification_t *any_id = NULL;
shared_key_t *shared_key;
if (!other_id)
{
any_id = identification_create_from_encoding(ID_ANY, chunk_empty);
other_id = any_id;
}
shared_key = lib->credmgr->get_shared(lib->credmgr, SHARED_IKE,
my_id, other_id);
if (!shared_key)
{
DBG1(DBG_IKE, "no shared key found for '%Y'[%H] - '%Y'[%H]",
my_id, me, other_id, other);
}
DESTROY_IF(any_id);
return shared_key;
}
/** /**
* Lookup a shared secret for this IKE_SA * Lookup a shared secret for this IKE_SA
*/ */
@ -131,15 +156,9 @@ static shared_key_t *lookup_shared_key(private_phase1_t *this,
{ {
other_id = other_auth->get(other_auth, AUTH_RULE_IDENTITY); other_id = other_auth->get(other_auth, AUTH_RULE_IDENTITY);
} }
if (my_id && other_id) if (my_id)
{ {
shared_key = lib->credmgr->get_shared(lib->credmgr, SHARED_IKE, shared_key = find_shared_key(my_id, me, other_id, other);
my_id, other_id);
if (!shared_key)
{
DBG1(DBG_IKE, "no shared key found for '%Y'[%H] - '%Y'[%H]",
my_id, me, other_id, other);
}
} }
} }
} }
@ -158,14 +177,11 @@ static shared_key_t *lookup_shared_key(private_phase1_t *this,
other_id = other_auth->get(other_auth, AUTH_RULE_IDENTITY); other_id = other_auth->get(other_auth, AUTH_RULE_IDENTITY);
if (my_id) if (my_id)
{ {
shared_key = lib->credmgr->get_shared(lib->credmgr, shared_key = find_shared_key(my_id, me, other_id, other);
SHARED_IKE, my_id, other_id);
if (shared_key) if (shared_key)
{ {
break; break;
} }
DBG1(DBG_IKE, "no shared key found for '%Y'[%H] - '%Y'[%H]",
my_id, me, other_id, other);
} }
} }
} }