
SSO flag is added in xauth attributes
rishipal-Sophos committed Nov 28, 2024
1 parent d6de793 commit d6358e7
Showing 8 changed files with 42 additions and 4 deletions.
8 changes: 6 additions & 2 deletions src/libcharon/attributes/attributes.c
Expand Up @@ -55,7 +55,9 @@ ENUM_NEXT(configuration_attribute_type_names, XAUTH_TYPE, XAUTH_ANSWER, INTERNAL
"XAUTH_STATUS",
"XAUTH_NEXT_PIN",
"XAUTH_ANSWER");
ENUM_NEXT(configuration_attribute_type_names, INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER, XAUTH_ANSWER,
ENUM_NEXT(configuration_attribute_type_names, XAUTH_SSO_FLAG, XAUTH_SSO_FLAG, XAUTH_ANSWER,
"XAUTH_SSO_FLAG");
ENUM_NEXT(configuration_attribute_type_names, INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER, XAUTH_SSO_FLAG,
"INTERNAL_IP4_SERVER",
"INTERNAL_IP6_SERVER");
ENUM_NEXT(configuration_attribute_type_names, UNITY_BANNER, UNITY_DDNS_HOSTNAME, INTERNAL_IP6_SERVER,
Expand Down Expand Up @@ -110,7 +112,9 @@ ENUM_NEXT(configuration_attribute_type_short_names, XAUTH_TYPE, XAUTH_ANSWER, IN
"X_STATUS",
"X_PIN",
"X_ANSWER");
ENUM_NEXT(configuration_attribute_type_short_names, INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER, XAUTH_ANSWER,
ENUM_NEXT(configuration_attribute_type_short_names, XAUTH_SSO_FLAG, XAUTH_SSO_FLAG, XAUTH_ANSWER,
"X_SSO");
ENUM_NEXT(configuration_attribute_type_short_names, INTERNAL_IP4_SERVER, INTERNAL_IP6_SERVER, XAUTH_SSO_FLAG,
"SRV",
"SRV6");
ENUM_NEXT(configuration_attribute_type_short_names, UNITY_BANNER, UNITY_DDNS_HOSTNAME, INTERNAL_IP6_SERVER,
2 changes: 2 additions & 0 deletions src/libcharon/attributes/attributes.h
Expand Up @@ -72,6 +72,8 @@ enum configuration_attribute_type_t {
XAUTH_STATUS = 16527,
XAUTH_NEXT_PIN = 16528,
XAUTH_ANSWER = 16529,
/* proprietary Sophos attributes */
XAUTH_SSO_FLAG = 17001,
/* proprietary Microsoft attributes */
INTERNAL_IP4_SERVER = 23456,
INTERNAL_IP6_SERVER = 23457,
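Review bot: The new member `XAUTH_SSO_FLAG = 17001` gets only the group comment `/* proprietary Sophos attributes */`, so nothing explains where the number comes from; 17001 lies in the private-use range of configuration attribute types, and that should be stated so a later maintainer does not take it for an IANA-assigned value, e.g. `/* proprietary Sophos attributes (private-use attribute type range) */`. Since the same type is accepted from the wire by verify() in configuration_attribute.c, a one-line description of the expected payload format (what the "flag" bytes contain) would also belong here. The enum starts and ends outside the hunk.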
1 change: 1 addition & 0 deletions src/libcharon/encoding/payloads/configuration_attribute.c
Expand Up @@ -197,6 +197,7 @@ METHOD(payload_t, verify, status_t,
case UNITY_FW_TYPE:
case UNITY_BACKUP_SERVERS:
case UNITY_DDNS_HOSTNAME:
case XAUTH_SSO_FLAG:
/* any length acceptable */
break;
default:
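Review bot: `case XAUTH_SSO_FLAG:` is placed in the "any length acceptable" group, so a peer can send an attribute of arbitrary size under this type while XAuth is still in progress; for a value that is meant to be a flag, verify() should bound the length the way the fixed-size cases in this switch do. If the flag is a single byte or a short token, add a dedicated case that rejects longer attributes, otherwise leave a comment stating why an unbounded length is required. The sending side in xauth_generic.c forwards the raw bytes of the `SHARED_SSO_FLAG` secret, so the bound should match whatever format that secret is documented to have. The enclosing verify() method starts and ends outside the hunk.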
6 changes: 6 additions & 0 deletions src/libcharon/plugins/vici/vici_cred.c
Expand Up @@ -432,6 +432,12 @@ CALLBACK(load_shared, vici_message_t*,
{
type = SHARED_EAP;
}

else if (strcaseeq(str, "sso_flag"))
{
type = SHARED_SSO_FLAG;
}

else if (strcaseeq(str, "ntlm"))
{
type = SHARED_NT_HASH;
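Review bot: The added `else if (strcaseeq(str, "sso_flag"))` arm is set off by blank lines on both sides, which none of the surrounding `else if` arms in this chain have; drop the two blank lines so the chain reads as one construct. The mapping itself to `SHARED_SSO_FLAG` mirrors the existing arms and matches the `"sso_flag"` type that load_creds.c now passes through. load_shared() starts and ends outside the hunk.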
21 changes: 21 additions & 0 deletions src/libcharon/plugins/xauth_generic/xauth_generic.c
Expand Up @@ -102,6 +102,27 @@ METHOD(xauth_method_t, process_peer, status_t,
PLV1_CONFIGURATION_ATTRIBUTE, attr->get_type(attr),
shared->get_key(shared)));
shared->destroy(shared);

shared = lib->credmgr->get_shared(lib->credmgr,
SHARED_SSO_FLAG,
this->peer,
this->server);

if (!shared)
{
DBG1(DBG_IKE, "no XAuth %s found for '%Y' - '%Y'", "SSO_Flag",
this->peer, this->server);
enumerator->destroy(enumerator);
cp->destroy(cp);
return FAILED;
}

cp->add_attribute(cp, configuration_attribute_create_chunk(
PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_SSO_FLAG,
shared->get_key(shared)));

shared->destroy(shared);

break;
default:
break;
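Review bot: The new lookup makes a `SHARED_SSO_FLAG` secret mandatory: when none is configured for this peer/server pair the method returns FAILED, so every existing XAuth client configuration without an `sso_flag` secret stops authenticating. If the flag is meant to be optional (it is a proprietary extension, and nothing in this commit makes the server require it), add the attribute only when the secret exists and log its absence at a lower level, as in the rewrite below. Also `"no XAuth %s found for '%Y' - '%Y'", "SSO_Flag"` routes a constant through `%s`; inlining it reads better. process_peer() starts and ends outside the hunk.
```c
			shared->destroy(shared);

			/* … unchanged: get_shared(SHARED_SSO_FLAG, this->peer, this->server) … */
			if (shared)
			{
				cp->add_attribute(cp, configuration_attribute_create_chunk(
							PLV1_CONFIGURATION_ATTRIBUTE, XAUTH_SSO_FLAG,
							shared->get_key(shared)));
				shared->destroy(shared);
			}
			else
			{
				DBG2(DBG_IKE, "no XAuth SSO flag found for '%Y' - '%Y', "
					 "not sending it", this->peer, this->server);
			}
			break;
```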
3 changes: 2 additions & 1 deletion src/libstrongswan/credentials/keys/shared_key.c
Expand Up @@ -15,14 +15,15 @@

#include "shared_key.h"

ENUM(shared_key_type_names, SHARED_ANY, SHARED_PPK,
ENUM(shared_key_type_names, SHARED_ANY, SHARED_SSO_FLAG,
"ANY",
"IKE",
"EAP",
"PRIVATE_KEY_PASS",
"PIN",
"NTLM",
"PPK",
"SSO_FLAG",
);

typedef struct private_shared_key_t private_shared_key_t;
2 changes: 2 additions & 0 deletions src/libstrongswan/credentials/keys/shared_key.h
Expand Up @@ -45,6 +45,8 @@ enum shared_key_type_t {
SHARED_NT_HASH,
/** Postquantum Preshared Key */
SHARED_PPK,
/*Key for SSO flag*/
SHARED_SSO_FLAG,
};

/**
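Review bot: The comment on `SHARED_SSO_FLAG`, `/*Key for SSO flag*/`, does not follow the Doxygen `/** ... */` form and spacing used by the neighbouring members (e.g. `/** Postquantum Preshared Key */`), so it is inconsistent and will not be picked up by generated documentation. Replace it with `/** Proprietary SSO flag, sent by xauth-generic as the XAUTH_SSO_FLAG attribute */`. Appending the member at the end of the enum leaves the existing values untouched, and the name table in shared_key.c is extended accordingly in this commit. The enum starts outside the hunk.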
3 changes: 2 additions & 1 deletion src/swanctl/commands/load_creds.c
Expand Up @@ -677,6 +677,7 @@ static bool load_secret(load_ctx_t *ctx, char *section)
"pkcs8",
"pkcs12",
"token",
"sso_flag",
};

for (i = 0; i < countof(types); i++)
Expand All @@ -693,7 +694,7 @@ static bool load_secret(load_ctx_t *ctx, char *section)
return FALSE;
}
if (!streq(type, "eap") && !streq(type, "xauth") && !streq(type, "ntlm") &&
!streq(type, "ike") && !streq(type, "ppk"))
!streq(type, "ike") && !streq(type, "ppk") && !streq(type, "sso_flag"))
{ /* skip non-shared secrets */
return TRUE;
}
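Review bot: `"sso_flag"` is added to the accepted secret section types and to the shared-secret filter, but no documentation file is part of this commit (the diffstat lists eight source files), so the swanctl.conf reference for the secrets section does not describe the new type or the format of its value; the option description should accompany this change. The `streq` chain in the filter now covers six types and grows with every addition; a `static const char *shared_types[]` table scanned with a loop, in the style of the `types` array just above it, would keep both lists consistent. load_secret() starts and ends outside the hunks.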
