Martin Willi wrote:
> Hi,
>
>> I've changed the code of src/libcharon/sa/tasks/ike_auth.c as I want to
>> perform an authorization after an authentication.
>
> You might have a look at our authorization hooks. It might be sufficient
> if your plugin registers a listener_t to the bus and do the
> authorization checks in these hooks.

When my code matures more this looks like an interesting option. By that time I hope to have enough understanding of your sophisticated coding style to be able to implement such a plugin.
Although I reckon only a plugin would not suffice as I also want to be able to send a meaningful error message when "authorization hook forbids IKE_SA, cancelling" occurs. And I would use extra configuration options in the strongswan.conf file.

>> For this authorization step I need to connect via sockets to another
>> machine/program (permis). And figured that I could use the
>> socket_dynamic_socket to this end.
>
> Probably not a good idea. Our socket_t implementations are very IKE
> specific and not a generic abstraction for sockets. It is easier to use
> plain BSD sockets for other protocols.

Indeed it is. Luckily my efforts were not all in vain as it helps me understand the programming.

>> ../../src/libcharon/.libs/libcharon.so: undefined reference to
>> `socket_dynamic_socket_create'
>
> You can't invoke the socket_dynamic_socket_create() function directly,
> as this code is implemented in a plugin. The function is only available
> after the plugin has been loaded by the plugin_loader. The plugin then
> registers this constructor function to the daemon.

No need when using BSD sockets :)

> Best regards
> Martin

Regards,
Jan Willem Beusink

_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
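
The plain BSD socket approach discussed in this thread, as an added example that is not code from either poster or from strongSwan: a query to an external authorization service that bounds every wait and treats anything other than an explicit permit as a denial, so a stalled or misbehaving service cannot hang or silently pass the authentication step. The function name `authz_query` and the one-line request/reply format are assumptions (the thread does not describe the PERMIS protocol), and a `socketpair()` stands in for the connected TCP socket.

```c
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Assumed wire format (NOT the PERMIS protocol, which the thread does not
 * describe): request "AUTHZ <identity>\n", reply "PERMIT\n" or "DENY\n". */

/* Query the decision point on connected socket fd. Returns 1 only on an
 * explicit PERMIT; timeout, I/O error, or any other reply returns 0. */
int authz_query(int fd, const char *identity, int timeout_ms)
{
	char req[256], reply[16];
	size_t got = 0;
	int len;
	if (strpbrk(identity, "\r\n"))      /* would inject a second request */
		return 0;
	len = snprintf(req, sizeof(req), "AUTHZ %s\n", identity);
	if (len < 0 || (size_t)len >= sizeof(req))
		return 0;
	if (send(fd, req, (size_t)len, MSG_NOSIGNAL) != (ssize_t)len)
		return 0;
	while (got < sizeof(reply) - 1)     /* bounded read up to the newline */
	{
		struct pollfd p = { .fd = fd, .events = POLLIN };
		ssize_t n;
		if (poll(&p, 1, timeout_ms) <= 0)
			return 0;                   /* timeout or poll error */
		n = recv(fd, reply + got, sizeof(reply) - 1 - got, 0);
		if (n <= 0)
			return 0;                   /* peer closed or error */
		got += (size_t)n;
		reply[got] = '\0';
		if (strchr(reply, '\n'))
			return strcmp(reply, "PERMIT\n") == 0;
	}
	return 0;                           /* over-long reply */
}

int main(void)
{
	int sv[2];                          /* socketpair stands in for the TCP link */
	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0 ||
		write(sv[1], "DENY\n", 5) != 5) /* constructed reply */
		return 1;
	printf("permitted: %d\n", authz_query(sv[0], "CN=alice", 200));
	return 0;
}
```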
