[Openswan dev] XAUTH Code for "Domain"
Michael H. Warfield
mhw at WittsEnd.com
Tue Jun 28 10:30:28 EDT 2011
I've had my nose stuck back in the xauth code trying to get some new
connections to work and it looks like there's a missing feature,
XAUTH_DOMAIN. I was playing with the NetworkManager-openswan pluggin
and I've have my connections which I have working using the cli now
working with NM. But a couple of connections have simply not worked and
I'm now realizing it's because they have a Domain parameter specified
(for which there was no option in the Openswan config files). The NM
pluggin has a "Domain" parameter but it's unclear what it's doing with
IAC... Looking in programs/pluto/xauth.c down around line 1241 is a
case statement checking the XAUTH attribute types. That's only handling
TYPE, USER_NAME, and PASSWORD - no DOMAIN. That appears to be handling
attribute responses, though (XAUTH Server?).
Down around 2593 is another case statement, same situation. It also has
a default case logging this message:
"XAUTH: Unsupported attribute: %s"
And indeed, I see this in my debugging logs:
| ****parse ISAKMP ModeCfg attribute:
| ModeCfg attr type: XAUTH-DOMAIN
| length/value: 0
"nm-conn1" #1: XAUTH: Unsupported attribute: XAUTH-DOMAIN
So, it looks like that support is just not there. In addition to the
XAUTH code itself, this would also require some parameter support in the
config files for a "domain" parameter.
Thoughts? Is this anything already on anyone's todo list?
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://lists.openswan.org/pipermail/dev/attachments/20110628/26a0b746/attachment.bin
More information about the Dev