From e6e975ff9d0938b86f71e234372f58a0da002906 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Wed, 19 Feb 2014 15:25:10 +0100
Subject: [PATCH] vici: Support missing groups option in auth config
---
 src/libcharon/plugins/vici/vici_config.c | 25 +++++++++++++++++++++++-
 src/libcharon/plugins/vici/vici_query.c | 12 ++++++++++++
 2 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index 62170a91f0..b08d1b0024 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -243,6 +243,9 @@ static void log_auth(auth_cfg_t *auth)
 case AUTH_RULE_XAUTH_IDENTITY:
 DBG2(DBG_CFG, " xauth_id = %Y", v.id);
 break;
+ case AUTH_RULE_GROUP:
+ DBG2(DBG_CFG, " group = %Y", v.id);
+ break;
 default:
 break;
 }
@@ -949,6 +952,15 @@ CALLBACK(parse_xauth_id, bool,
 return parse_id(cfg, AUTH_RULE_XAUTH_IDENTITY, v);
 }
 
+/**
+ * Parse group membership
+ */
+CALLBACK(parse_group, bool,
+ auth_cfg_t *cfg, chunk_t v)
+{
+ return parse_id(cfg, AUTH_RULE_GROUP, v);
+}
+
 /**
 * Parse revocation status
 */
@@ -1129,6 +1141,17 @@ CALLBACK(child_kv, bool,
 &child->request->reply);
 }
 
+CALLBACK(auth_li, bool,
+ auth_data_t *auth, vici_message_t *message, char *name, chunk_t value)
+{
+ parse_rule_t rules[] = {
+ { "groups", parse_group, auth->cfg },
+ };
+
+ return parse_rules(rules, countof(rules), name, value,
+ &auth->request->reply);
+}
+
 CALLBACK(auth_kv, bool,
 auth_data_t *auth, vici_message_t *message, char *name, chunk_t value)
 {
@@ -1272,7 +1295,7 @@ CALLBACK(peer_sn, bool,
 .cfg = auth_cfg_create(),
 };
 
- if (!message->parse(message, ctx, NULL, auth_kv, NULL, &auth))
+ if (!message->parse(message, ctx, NULL, auth_kv, auth_li, &auth))
 {
 auth.cfg->destroy(auth.cfg);
 return FALSE;
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
index 6656abe38b..59037b6222 100644
--- a/src/libcharon/plugins/vici/vici_query.c
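Review bot: parse_group in the second vici_config.c hunk passes each raw list item straight to parse_id with no group-specific validation. parse_id is defined outside the hunk, so it is not visible here whether an empty item or a wildcard identity is rejected. A group rule is presumably enforced as an authorization constraint on the peer, so an item that parses to a match-anything identity could silently widen who satisfies it; confirm how parse_id treats such values and that a failed item makes the whole config load fail. The header comment could also be made more precise, e.g. `Parse one item of the groups list into an AUTH_RULE_GROUP rule`, since auth_li invokes it once per list item.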
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -539,6 +539,18 @@ static void build_auth_cfgs(peer_cfg_t *peer_cfg, bool local, vici_builder_t *b)
 }
 rules->destroy(rules);
 
+ b->begin_list(b, "groups");
+ rules = auth->create_enumerator(auth);
+ while (rules->enumerate(rules, &rule, &v))
+ {
+ if (rule == AUTH_RULE_GROUP)
+ {
+ b->add_li(b, "%Y", v.id);
+ }
+ }
+ rules->destroy(rules);
+ b->end_list(b);
+
 b->end_section(b);
 }
 enumerator->destroy(enumerator);
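Review bot: The added loop enumerates the auth rules a second time only to pick out AUTH_RULE_GROUP, and nothing in the hunk explains why the first pass, which ends just above and starts outside the hunk, could not emit them. Presumably list items have to sit contiguously between begin_list and end_list and so cannot be interleaved with the key/values written earlier; a comment such as `/* groups are reported as a list, so collect them in a separate pass */` would record that. The `groups` list is also opened unconditionally, so a config without any group rule is reported with an empty list rather than without the key. If clients are meant to rely on that, the same comment should say so.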