send an empty EAP Ack client message if TLS was successful and handle it on the server
parent
ad5033a67c
commit
733813c7fb
|
@ -41,11 +41,6 @@ struct private_eap_peap_peer_t {
|
|||
*/
|
||||
identification_t *peer;
|
||||
|
||||
/**
|
||||
* Current EAP-PEAP state
|
||||
*/
|
||||
bool start_phase2;
|
||||
|
||||
/**
|
||||
* Outer phase 1 EAP method
|
||||
*/
|
||||
|
@ -161,7 +156,6 @@ METHOD(tls_application_t, process, status_t,
|
|||
return NEED_MORE;
|
||||
}
|
||||
type = this->ph2_method->get_type(this->ph2_method, &vendor);
|
||||
this->start_phase2 = FALSE;
|
||||
}
|
||||
|
||||
status = this->ph2_method->process(this->ph2_method, in, &this->out);
|
||||
|
@ -198,27 +192,6 @@ METHOD(tls_application_t, build, status_t,
|
|||
eap_type_t type;
|
||||
u_int32_t vendor;
|
||||
|
||||
if (this->ph2_method == NULL && this->start_phase2)
|
||||
{
|
||||
/* generate an EAP Identity response */
|
||||
this->ph2_method = charon->eap->create_instance(charon->eap, EAP_IDENTITY,
|
||||
0, EAP_PEER, this->server, this->peer);
|
||||
if (this->ph2_method == NULL)
|
||||
{
|
||||
DBG1(DBG_IKE, "EAP_IDENTITY method not available");
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
/* synchronize EAP message identifiers of inner protocol with outer */
|
||||
this->ph2_method->set_identifier(this->ph2_method,
|
||||
this->ph1_method->get_identifier(this->ph1_method));
|
||||
|
||||
this->ph2_method->process(this->ph2_method, NULL, &this->out);
|
||||
this->ph2_method->destroy(this->ph2_method);
|
||||
this->ph2_method = NULL;
|
||||
this->start_phase2 = FALSE;
|
||||
}
|
||||
|
||||
if (this->out)
|
||||
{
|
||||
code = this->out->get_code(this->out);
|
||||
|
@ -276,7 +249,6 @@ eap_peap_peer_t *eap_peap_peer_create(identification_t *server,
|
|||
.server = server->clone(server),
|
||||
.peer = peer->clone(peer),
|
||||
.ph1_method = eap_method,
|
||||
.start_phase2 = TRUE,
|
||||
.avp = eap_peap_avp_create(FALSE),
|
||||
);
|
||||
|
||||
|
|
|
@ -51,6 +51,11 @@ struct private_eap_peap_server_t {
|
|||
*/
|
||||
bool start_phase2_tnc;
|
||||
|
||||
/**
|
||||
* Starts phase 2 with EAP Identity request
|
||||
*/
|
||||
bool start_phase2_id;
|
||||
|
||||
/**
|
||||
* Final EAP-PEAP phase2 result
|
||||
*/
|
||||
|
@ -332,12 +337,12 @@ METHOD(tls_application_t, build, status_t,
|
|||
eap_type_t type;
|
||||
u_int32_t vendor;
|
||||
|
||||
if (this->ph2_method == NULL && this->start_phase2 &&
|
||||
lib->settings->get_bool(lib->settings,
|
||||
"charon.plugins.eap-peap.phase2_piggyback", FALSE))
|
||||
if (this->ph2_method == NULL && this->start_phase2 && this->start_phase2_id)
|
||||
{
|
||||
/* generate an EAP Identity request which will be piggybacked right
|
||||
* onto the TLS Finished message thus initiating EAP-PEAP phase2
|
||||
/*
|
||||
* Start Phase 2 with an EAP Identity request either piggybacked right
|
||||
* onto the TLS Finished payload or delayed after the reception of an
|
||||
* empty EAP Acknowledge message.
|
||||
*/
|
||||
this->ph2_method = charon->eap->create_instance(charon->eap, EAP_IDENTITY,
|
||||
0, EAP_SERVER, this->server, this->peer);
|
||||
|
@ -355,6 +360,8 @@ METHOD(tls_application_t, build, status_t,
|
|||
this->ph2_method->initiate(this->ph2_method, &this->out);
|
||||
this->start_phase2 = FALSE;
|
||||
}
|
||||
|
||||
this->start_phase2_id = TRUE;
|
||||
|
||||
if (this->out)
|
||||
{
|
||||
|
@ -415,6 +422,8 @@ eap_peap_server_t *eap_peap_server_create(identification_t *server,
|
|||
.ph1_method = eap_method,
|
||||
.start_phase2 = TRUE,
|
||||
.start_phase2_tnc = TRUE,
|
||||
.start_phase2_id = lib->settings->get_bool(lib->settings,
|
||||
"charon.plugins.eap-peap.phase2_piggyback", FALSE),
|
||||
.phase2_result = EAP_FAILURE,
|
||||
.avp = eap_peap_avp_create(TRUE),
|
||||
);
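Review bot: In the server's build(), `this->start_phase2_id = TRUE;` runs unconditionally after the Identity block, so the delayed Phase 2 start depends only on build() being called a second time, not on the peer's empty EAP Ack having been received. None of the visible hunks shows the server checking for that empty message, so unless the check is made elsewhere, the Identity request goes out on the next build() whatever the peer sent in between; confirm this, or set the flag where the empty Ack is recognised. The assignment should at least carry a comment such as `/* no piggyback: send the Identity request on the next build(), after the peer's empty Ack */`. The `charon.plugins.eap-peap.phase2_piggyback` setting is now read once in eap_peap_server_create() instead of on every build(), which the `start_phase2_id` doc comment should state. Both build() and eap_peap_server_create() start and end outside the hunks shown.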
|
||||
|
|