[Openswan dev] XAUTH Code for "Domain"
Michael H. Warfield
mhw at WittsEnd.com
Tue Jun 28 10:30:28 EDT 2011
Hey all,

I've had my nose stuck back in the xauth code trying to get some new
connections to work and it looks like there's a missing feature,
XAUTH_DOMAIN. I was playing with the NetworkManager-openswan plugin
and I have my connections, which I have working using the CLI, now
working with NM. But a couple of connections have simply not worked and
I'm now realizing it's because they have a Domain parameter specified
(for which there was no option in the Openswan config files). The NM
plugin has a "Domain" parameter but it's unclear what it's doing with
the value.

IAC... Looking in programs/pluto/xauth.c down around line 1241 is a
case statement checking the XAUTH attribute types. That's only handling
TYPE, USER_NAME, and PASSWORD - no DOMAIN. That appears to be handling
attribute responses, though (XAUTH Server?).

Down around 2593 is another case statement, same situation. It also has
a default case logging this message:

"XAUTH: Unsupported attribute: %s"

And indeed, I see this in my debugging logs:

| ****parse ISAKMP ModeCfg attribute:
| ModeCfg attr type: XAUTH-DOMAIN
| length/value: 0
"nm-conn1" #1: XAUTH: Unsupported attribute: XAUTH-DOMAIN

So, it looks like that support is just not there. In addition to the
XAUTH code itself, this would also require some parameter support in the
config files for a "domain" parameter.

Thoughts? Is this anything already on anyone's todo list?

Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
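
The attribute dispatch discussed in the message above, as an added example that is not Openswan's code and not part of the original post: a stand-alone walker over the attributes of a ModeCfg request that includes a case for XAUTH_DOMAIN and rejects truncated input. The attribute numbers are those of draft-ietf-ipsec-isakmp-xauth-06; the function name, the flag names and the sample bytes are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Attribute type numbers from draft-ietf-ipsec-isakmp-xauth-06. */
enum { XAUTH_TYPE = 16520, XAUTH_USER_NAME = 16521,
       XAUTH_USER_PASSWORD = 16522, XAUTH_DOMAIN = 16526 };

/* Hypothetical result flags for this example. */
enum { WANT_USER = 1, WANT_PASSWORD = 2, WANT_DOMAIN = 4, UNSUPPORTED = 8 };
#define ATTR_AF_TV 0x8000u /* high bit set: fixed 2-byte value, no length */

/* Walk the attributes of a ModeCfg request and report what the peer asks
 * for. Returns a mask of the flags above, or -1 if the buffer is truncated. */
int xauth_request_flags(const uint8_t *buf, size_t len)
{
    int flags = 0;
    size_t off = 0;
    while (off < len) {
        if (len - off < 4)
            return -1;                      /* header itself is cut short */
        unsigned type = ((unsigned)buf[off] << 8) | buf[off + 1];
        unsigned lv = ((unsigned)buf[off + 2] << 8) | buf[off + 3];
        off += 4;
        if (!(type & ATTR_AF_TV)) {         /* TLV: lv is the value length */
            if (lv > len - off)
                return -1;                  /* value runs past the payload */
            off += lv;
        }
        switch (type & 0x7fffu) {
        case XAUTH_TYPE:          break;    /* authentication method */
        case XAUTH_USER_NAME:     flags |= WANT_USER; break;
        case XAUTH_USER_PASSWORD: flags |= WANT_PASSWORD; break;
        case XAUTH_DOMAIN:        flags |= WANT_DOMAIN; break; /* case the post finds missing */
        default:                  flags |= UNSUPPORTED; break;
        }
    }
    return flags;
}

/* Constructed sample: empty USER_NAME, USER_PASSWORD and DOMAIN requests. */
static const uint8_t sample_request[] = {
    0x40, 0x89, 0x00, 0x00,  0x40, 0x8a, 0x00, 0x00,  0x40, 0x8e, 0x00, 0x00 };

int main(void)
{
    printf("flags = %d\n", xauth_request_flags(sample_request, sizeof sample_request));
    return 0;
}
```

The zero-length DOMAIN attribute in the sample mirrors the "length/value: 0" request seen in the debug log: the peer is asking the client to supply the value.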