starter: Parse authby as string.

2025-10-05 00:00:45 -04:00 · 2012-05-14 17:36:46 +02:00 · 2012-05-14 17:36:46 +02:00 · e838c39ba9
commit e838c39ba9
parent 041e763b77
4 changed files with 29 additions and 61 deletions
--- a/src/starter/args.c
+++ b/src/starter/args.c
@ -155,6 +155,20 @@ static const char *LST_klipsdebug[] = {
 	 NULL
 };

+static const char *LST_authby[] = {
+	"psk",
+	"secret",
+	"pubkey",
+	"rsa",
+	"rsasig",
+	"ecdsa",
+	"ecdsasig",
+	"xauthpsk",
+	"xauthrsasig",
+	"never",
+	 NULL
+};
+
 typedef struct {
 	arg_t       type;
 	size_t      offset;
@ -206,7 +220,7 @@ static const token_info_t token_info[] =
 	{ ARG_ENUM, offsetof(starter_conn_t, install_policy), LST_bool                 },
 	{ ARG_ENUM, offsetof(starter_conn_t, aggressive), LST_bool                     },
 	{ ARG_MISC, 0, NULL  /* KW_AUTH */                                             },
-	{ ARG_MISC, 0, NULL  /* KW_AUTHBY */                                           },
+	{ ARG_STR,  offsetof(starter_conn_t, authby), LST_authby                       },
 	{ ARG_STR,  offsetof(starter_conn_t, eap_identity), NULL                       },
 	{ ARG_STR,  offsetof(starter_conn_t, aaa_identity), NULL                       },
 	{ ARG_MISC, 0, NULL  /* KW_MOBIKE */                                           },
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@ -588,56 +588,6 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
 		case KW_AUTH:
 			KW_POLICY_FLAG("ah", "esp", POLICY_AUTHENTICATE)
 			break;
-		case KW_AUTHBY:
-			conn->policy &= ~(POLICY_ID_AUTH_MASK | POLICY_ENCRYPT);
-
-			if (!streq(kw->value, "never"))
-			{
-				char *value = kw->value;
-				char *second = strchr(kw->value, '|');
-
-				if (second != NULL)
-				{
-					*second = '\0';
-				}
-
-				/* also handles the cases secret|rsasig and rsasig|secret */
-				for (;;)
-				{
-					if (streq(value, "rsa")   || streq(value, "rsasig")   ||
-						streq(value, "ecdsa") || streq(value, "ecdsasig") ||
-						streq(value, "pubkey"))
-					{
-						conn->policy |= POLICY_PUBKEY | POLICY_ENCRYPT;
-					}
-					else if (streq(value, "secret") || streq(value, "psk"))
-					{
-						conn->policy |= POLICY_PSK | POLICY_ENCRYPT;
-					}
-					else if (streq(value, "xauthrsasig"))
-					{
-						conn->policy |= POLICY_XAUTH_RSASIG | POLICY_ENCRYPT;
-					}
-					else if (streq(value, "xauthpsk"))
-					{
-						conn->policy |= POLICY_XAUTH_PSK | POLICY_ENCRYPT;
-					}
-					else
-					{
-						DBG1(DBG_APP, "# bad policy value: %s=%s",
-							 kw->entry->name, kw->value);
-						cfg->err++;
-						break;
-					}
-					if (second == NULL)
-					{
-						break;
-					}
-					value = second;
-					second = NULL; /* traverse the loop no more than twice */
-				}
-			}
-			break;
 		case KW_MARK:
 			if (!handle_mark(kw->value, &conn->mark_in))
 			{
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@ -111,14 +111,15 @@ struct starter_conn {
 		char            *eap_identity;
 		char            *aaa_identity;
 		char            *xauth_identity;
+		char            *authby;
 		lset_t          policy;
 		time_t          sa_ike_life_seconds;
 		time_t          sa_ipsec_life_seconds;
 		time_t          sa_rekey_margin;
-		u_int64_t	sa_ipsec_life_bytes;
-		u_int64_t	sa_ipsec_margin_bytes;
-		u_int64_t	sa_ipsec_life_packets;
-		u_int64_t	sa_ipsec_margin_packets;
+		u_int64_t       sa_ipsec_life_bytes;
+		u_int64_t       sa_ipsec_margin_bytes;
+		u_int64_t       sa_ipsec_life_packets;
+		u_int64_t       sa_ipsec_margin_packets;
 		unsigned long   sa_keying_tries;
 		unsigned long   sa_rekey_fuzz;
 		u_int32_t       reqid;
@ -171,7 +172,7 @@ struct starter_ca {
 		char            *crluri2;
 		char            *ocspuri;
 		char            *ocspuri2;
-		char        *certuribase;
+		char            *certuribase;

 		bool            strict;

--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@ -270,19 +270,22 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
 	starter_stroke_add_end(&msg, &msg.add_conn.me, &conn->left);
 	starter_stroke_add_end(&msg, &msg.add_conn.other, &conn->right);

-	if (!msg.add_conn.me.auth && !msg.add_conn.other.auth)
+	if (!msg.add_conn.me.auth && !msg.add_conn.other.auth &&
+		 conn->authby)
 	{	/* leftauth/rightauth not set, use legacy options */
-		if (conn->policy & POLICY_PUBKEY)
+		if (streq(conn->authby, "rsa")   || streq(conn->authby, "rsasig")   ||
+			streq(conn->authby, "ecdsa") || streq(conn->authby, "ecdsasig") ||
+			streq(conn->authby, "pubkey"))
 		{
 			msg.add_conn.me.auth = push_string(&msg, "pubkey");
 			msg.add_conn.other.auth = push_string(&msg, "pubkey");
 		}
-		else if (conn->policy & POLICY_PSK)
+		else if (streq(conn->authby, "secret") || streq(conn->authby, "psk"))
 		{
 			msg.add_conn.me.auth = push_string(&msg, "psk");
 			msg.add_conn.other.auth = push_string(&msg, "psk");
 		}
-		else if (conn->policy & POLICY_XAUTH_RSASIG)
+		else if (streq(conn->authby, "xauthrsasig"))
 		{
 			msg.add_conn.me.auth = push_string(&msg, "pubkey");
 			msg.add_conn.other.auth = push_string(&msg, "pubkey");
@ -295,7 +298,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
 				msg.add_conn.me.auth2 = push_string(&msg, "xauth");
 			}
 		}
-		else if (conn->policy & POLICY_XAUTH_PSK)
+		else if (streq(conn->authby, "xauthpsk"))
 		{
 			msg.add_conn.me.auth = push_string(&msg, "psk");
 			msg.add_conn.other.auth = push_string(&msg, "psk");