Actions
Bug #5924
openstrongswan: gsup: implement Server Assignment Request/Answer
Start date:
02/26/2023
Due date:
% Done:
60%
Description
Implement the Server Assignment Request as GSUP Location Update Request/Answer.
In strongswan register the osmo-epdg as listener->authorize().
METHOD(listener_t, authorize, bool,
private_ext_auth_listener_t *this, ike_sa_t *ike_sa,
bool final, bool *success)
if (eap_aka_finish()) {
gsup_location_update();
*success = gsup_outcome_location_update()
}
The following plugins already do this:
- ext_auth (best match)
- whitelist
- save_keys.
The final flag might be too late.
Updated by lynxis 25 days ago
The authorize() is called after sending the EAP_SUCCESS.
We could track the EAP_SUCCESS message by hooking into message(). This would not require any further modifications to the strongswan core.
As alternative it would be possible to add a hook similar to authorize() to the eap code in src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
this->ike_sa->set_condition(this->ike_sa, COND_EAP_AUTHENTICATED,
TRUE);
this->eap_complete = TRUE;
return eap_payload_create_code(EAP_SUCCESS, in->get_identifier(in));
Side note:
The authorize() callback is good to do the Tunnel Request/Response.
Actions
