Encode EAP-Naks in expanded format if we got an expanded type request
Since methods defined by the IETF (vendor ID 0) could also be encoded in expanded type format the previous check was insufficient.
This commit is contained in:
parent
78e8dca94f
commit
cc4eec56f7
|
@ -241,6 +241,12 @@ METHOD(eap_payload_t, get_type, eap_type_t,
|
|||
return 0;
|
||||
}
|
||||
|
||||
METHOD(eap_payload_t, is_expanded, bool,
|
||||
private_eap_payload_t *this)
|
||||
{
|
||||
return this->data.len > 4 ? this->data.ptr[4] == EAP_EXPANDED : FALSE;
|
||||
}
|
||||
|
||||
METHOD2(payload_t, eap_payload_t, destroy, void,
|
||||
private_eap_payload_t *this)
|
||||
{
|
||||
|
@ -272,6 +278,7 @@ eap_payload_t *eap_payload_create()
|
|||
.get_code = _get_code,
|
||||
.get_identifier = _get_identifier,
|
||||
.get_type = _get_type,
|
||||
.is_expanded = _is_expanded,
|
||||
.destroy = _destroy,
|
||||
},
|
||||
.next_payload = NO_PAYLOAD,
|
||||
|
|
|
@ -82,6 +82,13 @@ struct eap_payload_t {
|
|||
*/
|
||||
eap_type_t (*get_type) (eap_payload_t *this, u_int32_t *vendor);
|
||||
|
||||
/**
|
||||
* Check if the EAP method type is encoded in the Expanded Type format.
|
||||
*
|
||||
* @return TRUE if in Expanded Type format
|
||||
*/
|
||||
bool (*is_expanded) (eap_payload_t *this);
|
||||
|
||||
/**
|
||||
* Destroys an eap_payload_t object.
|
||||
*/
|
||||
|
@ -129,8 +136,7 @@ eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier);
|
|||
* @param identifier EAP identifier to use in payload
|
||||
* @param type preferred auth type, 0 to send all supported types
|
||||
* @param vendor vendor identifier for auth type, 0 for default
|
||||
* @param expanded TRUE to send an expanded Nak (as response to an expanded
|
||||
* request, i.e. one with vendor specific type)
|
||||
* @param expanded TRUE to send an expanded Nak
|
||||
* @return eap_payload_t object
|
||||
*/
|
||||
eap_payload_t *eap_payload_create_nak(u_int8_t identifier, eap_type_t type,
|
||||
|
|
|
@ -152,7 +152,7 @@ METHOD(tls_application_t, process, status_t,
|
|||
{
|
||||
DBG1(DBG_IKE, "EAP method not supported");
|
||||
this->out = eap_payload_create_nak(in->get_identifier(in), 0, 0,
|
||||
received_vendor != 0);
|
||||
in->is_expanded(in));
|
||||
in->destroy(in);
|
||||
return NEED_MORE;
|
||||
}
|
||||
|
|
|
@ -193,7 +193,7 @@ METHOD(tls_application_t, process, status_t,
|
|||
{
|
||||
DBG1(DBG_IKE, "EAP method not supported");
|
||||
this->out = eap_payload_create_nak(in->get_identifier(in), 0, 0,
|
||||
received_vendor != 0);
|
||||
in->is_expanded(in));
|
||||
in->destroy(in);
|
||||
return NEED_MORE;
|
||||
}
|
||||
|
|
|
@ -404,14 +404,14 @@ static eap_payload_t* client_process_eap(private_eap_authenticator_t *this,
|
|||
eap_type_names, conf_type);
|
||||
}
|
||||
return eap_payload_create_nak(in->get_identifier(in), conf_type,
|
||||
conf_vendor, vendor != 0);
|
||||
conf_vendor, in->is_expanded(in));
|
||||
}
|
||||
this->method = load_method(this, type, vendor, EAP_PEER);
|
||||
if (!this->method)
|
||||
{
|
||||
DBG1(DBG_IKE, "EAP method not supported, sending EAP_NAK");
|
||||
return eap_payload_create_nak(in->get_identifier(in), 0, 0,
|
||||
vendor != 0);
|
||||
in->is_expanded(in));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue