ikev2: Store outer EAP method used to authenticate remote peer in auth-cfg

This allows symmetric configuration of EAP methods (i.e. the same value
in leftauth and rightauth) when mutual EAP-only authentication is used.
Previously the client had to configure rightauth=eap or rightauth=any,
which prevented it from using this same config as responder.
Tobias Brunner 2015-06-08 16:52:03 +02:00
parent 64bef354d4
commit 49a20ef019
1 changed files with 9 additions and 0 deletions


@ -448,6 +448,8 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message,
identification_t *other_id;
auth_cfg_t *auth;
keymat_v2_t *keymat;
eap_type_t type;
u_int32_t vendor;
auth_payload = (auth_payload_t*)message->get_payload(message,
PLV2_AUTH);
@ -478,6 +480,13 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message,
this->auth_complete = TRUE;
auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE);
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
type = this->method->get_type(this->method, &vendor);
auth->add(auth, AUTH_RULE_EAP_TYPE, type);
if (vendor)
{
auth->add(auth, AUTH_RULE_EAP_VENDOR, vendor);
}
return TRUE;
}
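Review bot: `vendor` is declared without an initializer in the first hunk and is read by `if (vendor)` directly after `get_type()`, so the stored AUTH_RULE_EAP_VENDOR is only correct if every EAP method implementation writes through that pointer. Those implementations are not visible here; if one leaves it untouched, an indeterminate value would end up in the remote auth-cfg, which the commit message indicates is matched against the configured rightauth. Declaring it as `u_int32_t vendor = 0;` removes that dependency. A comment above the `get_type()` call would also help, for example `/* records the outer EAP method only; an inner method of a tunneled type is not reflected in the auth-cfg */`, because a constraint on this rule presumably says nothing about what ran inside a tunnel. verify_auth() starts before and continues between the lines shown.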