Project

General

Profile

Bug #2481

Vici Load-Shared Disallows XAUTH Value

Added by Chinh Nguyen about 2 months ago. Updated 28 days ago.

Status:
Closed
Priority:
Normal
Category:
vici
Target version:
Start date:
Due date:
Affected version:
5.6.1
Resolution:
Fixed

Associated revisions

Revision 859d645c (diff)
Added by Tobias Brunner 28 days ago

vici: Accept XAUTH as shared key type too

Fixes #2481.

Revision a7f613ca (diff)
Added by Tobias Brunner 28 days ago

vici: Document NTLM secrets in README.md

Fixes #2481.

History

#1 Updated by Chinh Nguyen about 2 months ago

In the vici documentation (e.g., https://www.strongswan.org/apidoc/md_src_libcharon_plugins_vici_README.html) the supported options are listed as IKE, EAP, XAUTH. But when XAUTH is used, the message is rejected.

In function load_shared, case sensitive compare is used for xauth type but not the others:

  if (strcaseeq(str, "ike"))
  {
    type = SHARED_IKE;
  }
  else if (strcaseeq(str, "eap") || streq(str, "xauth"))
  {
    type = SHARED_EAP;
  }
  else if (strcaseeq(str, "ntlm"))
  {
    type = SHARED_NT_HASH;
  }

The workaround is to use lowercase xauth.

Note: ntlm is also not documented in the vici readme.

#2 Updated by Tobias Brunner about 2 months ago

  • Tracker changed from Issue to Bug
  • Status changed from New to Feedback
  • Target version set to 5.6.2

Thanks, I pushed fixes to the 2481-vici-xauth branch.

In the vici documentation (e.g., https://www.strongswan.org/apidoc/md_src_libcharon_plugins_vici_README.html) the supported options are listed as IKE, EAP, XAUTH. But when XAUTH is used, the message is rejected.

Since it's just an alias for EAP/eap it's not really a problem (and as you noted in lowercase, as used by swanctl, it was supported anyway).

Note: ntlm is also not documented in the vici readme.

Yeah, that was added a lot later (and is questionable anyway).

#3 Updated by Tobias Brunner 28 days ago

  • Category set to vici
  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to Fixed

Also available in: Atom PDF