send an empty EAP Ack client message if TLS was successful and handle it on the server

Andreas Steffen 2011-04-15 15:02:08 +02:00
parent ad5033a67c
commit 733813c7fb
2 changed files with 14 additions and 33 deletions


@ -41,11 +41,6 @@ struct private_eap_peap_peer_t {
*/
identification_t *peer;
/**
* Current EAP-PEAP state
*/
bool start_phase2;
/**
* Outer phase 1 EAP method
*/
@ -161,7 +156,6 @@ METHOD(tls_application_t, process, status_t,
return NEED_MORE;
}
type = this->ph2_method->get_type(this->ph2_method, &vendor);
this->start_phase2 = FALSE;
}
status = this->ph2_method->process(this->ph2_method, in, &this->out);
@ -198,27 +192,6 @@ METHOD(tls_application_t, build, status_t,
eap_type_t type;
u_int32_t vendor;
if (this->ph2_method == NULL && this->start_phase2)
{
/* generate an EAP Identity response */
this->ph2_method = charon->eap->create_instance(charon->eap, EAP_IDENTITY,
0, EAP_PEER, this->server, this->peer);
if (this->ph2_method == NULL)
{
DBG1(DBG_IKE, "EAP_IDENTITY method not available");
return FAILED;
}
/* synchronize EAP message identifiers of inner protocol with outer */
this->ph2_method->set_identifier(this->ph2_method,
this->ph1_method->get_identifier(this->ph1_method));
this->ph2_method->process(this->ph2_method, NULL, &this->out);
this->ph2_method->destroy(this->ph2_method);
this->ph2_method = NULL;
this->start_phase2 = FALSE;
}
if (this->out)
{
code = this->out->get_code(this->out);
@ -276,7 +249,6 @@ eap_peap_peer_t *eap_peap_peer_create(identification_t *server,
.server = server->clone(server),
.peer = peer->clone(peer),
.ph1_method = eap_method,
.start_phase2 = TRUE,
.avp = eap_peap_avp_create(FALSE),
);


@ -51,6 +51,11 @@ struct private_eap_peap_server_t {
*/
bool start_phase2_tnc;
/**
* Starts phase 2 with EAP Identity request
*/
bool start_phase2_id;
/**
* Final EAP-PEAP phase2 result
*/
@ -332,12 +337,12 @@ METHOD(tls_application_t, build, status_t,
eap_type_t type;
u_int32_t vendor;
if (this->ph2_method == NULL && this->start_phase2 &&
lib->settings->get_bool(lib->settings,
"charon.plugins.eap-peap.phase2_piggyback", FALSE))
if (this->ph2_method == NULL && this->start_phase2 && this->start_phase2_id)
{
/* generate an EAP Identity request which will be piggybacked right
* onto the TLS Finished message thus initiating EAP-PEAP phase2
/*
* Start Phase 2 with an EAP Identity request either piggybacked right
* onto the TLS Finished payload or delayed after the reception of an
* empty EAP Acknowledge message.
*/
this->ph2_method = charon->eap->create_instance(charon->eap, EAP_IDENTITY,
0, EAP_SERVER, this->server, this->peer);
@ -355,6 +360,8 @@ METHOD(tls_application_t, build, status_t,
this->ph2_method->initiate(this->ph2_method, &this->out);
this->start_phase2 = FALSE;
}
this->start_phase2_id = TRUE;
if (this->out)
{
@ -415,6 +422,8 @@ eap_peap_server_t *eap_peap_server_create(identification_t *server,
.ph1_method = eap_method,
.start_phase2 = TRUE,
.start_phase2_tnc = TRUE,
.start_phase2_id = lib->settings->get_bool(lib->settings,
"charon.plugins.eap-peap.phase2_piggyback", FALSE),
.phase2_result = EAP_FAILURE,
.avp = eap_peap_avp_create(TRUE),
);
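Review bot: The unconditional `this->start_phase2_id = TRUE;` after the phase-2 block in build() ties the delayed start to build() being called a second time, not to an empty EAP Ack having been received; nothing in the visible hunks of this file inspects the client message. If the TLS layer can call build() again before the peer's Ack has been processed (which cannot be told from these hunks), the Identity request would go out early even with phase2_piggyback disabled. Consider setting the flag where the empty Ack is actually processed, or at least comment the assignment, e.g. `/* piggybacking disabled: send the Identity request on the next build() */`. The field comment on `start_phase2_id` could likewise state that it starts as the phase2_piggyback setting and becomes TRUE after the first build(). build() begins and ends outside the hunks shown.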