diff --git a/src/libcharon/encoding/payloads/eap_payload.c b/src/libcharon/encoding/payloads/eap_payload.c index 15a9972f2..855504fe0 100644 --- a/src/libcharon/encoding/payloads/eap_payload.c +++ b/src/libcharon/encoding/payloads/eap_payload.c @@ -241,6 +241,12 @@ METHOD(eap_payload_t, get_type, eap_type_t, return 0; } +METHOD(eap_payload_t, is_expanded, bool, + private_eap_payload_t *this) +{ + return this->data.len > 4 ? this->data.ptr[4] == EAP_EXPANDED : FALSE; +} + METHOD2(payload_t, eap_payload_t, destroy, void, private_eap_payload_t *this) { @@ -272,6 +278,7 @@ eap_payload_t *eap_payload_create() .get_code = _get_code, .get_identifier = _get_identifier, .get_type = _get_type, + .is_expanded = _is_expanded, .destroy = _destroy, }, .next_payload = NO_PAYLOAD, diff --git a/src/libcharon/encoding/payloads/eap_payload.h b/src/libcharon/encoding/payloads/eap_payload.h index d3c3fae28..934983282 100644 --- a/src/libcharon/encoding/payloads/eap_payload.h +++ b/src/libcharon/encoding/payloads/eap_payload.h @@ -82,6 +82,13 @@ struct eap_payload_t { */ eap_type_t (*get_type) (eap_payload_t *this, u_int32_t *vendor); + /** + * Check if the EAP method type is encoded in the Expanded Type format. + * + * @return TRUE if in Expanded Type format + */ + bool (*is_expanded) (eap_payload_t *this); + /** * Destroys an eap_payload_t object. */ @@ -129,8 +136,7 @@ eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier); * @param identifier EAP identifier to use in payload * @param type preferred auth type, 0 to send all supported types * @param vendor vendor identifier for auth type, 0 for default - * @param expanded TRUE to send an expanded Nak (as response to an expanded - * request, i.e. one with vendor specific type) + * @param expanded TRUE to send an expanded Nak * @return eap_payload_t object */ eap_payload_t *eap_payload_create_nak(u_int8_t identifier, eap_type_t type, diff --git a/src/libcharon/plugins/eap_peap/eap_peap_peer.c b/src/libcharon/plugins/eap_peap/eap_peap_peer.c index 5e1972672..79fd667cb 100644 --- a/src/libcharon/plugins/eap_peap/eap_peap_peer.c +++ b/src/libcharon/plugins/eap_peap/eap_peap_peer.c @@ -152,7 +152,7 @@ METHOD(tls_application_t, process, status_t, { DBG1(DBG_IKE, "EAP method not supported"); this->out = eap_payload_create_nak(in->get_identifier(in), 0, 0, - received_vendor != 0); + in->is_expanded(in)); in->destroy(in); return NEED_MORE; } diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c index 811fe051b..00a4da3f8 100644 --- a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c +++ b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c @@ -193,7 +193,7 @@ METHOD(tls_application_t, process, status_t, { DBG1(DBG_IKE, "EAP method not supported"); this->out = eap_payload_create_nak(in->get_identifier(in), 0, 0, - received_vendor != 0); + in->is_expanded(in)); in->destroy(in); return NEED_MORE; } diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c index c9178d061..a340c04d7 100644 --- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c @@ -404,14 +404,14 @@ static eap_payload_t* client_process_eap(private_eap_authenticator_t *this, eap_type_names, conf_type); } return eap_payload_create_nak(in->get_identifier(in), conf_type, - conf_vendor, vendor != 0); + conf_vendor, in->is_expanded(in)); } this->method = load_method(this, type, vendor, EAP_PEER); if (!this->method) { DBG1(DBG_IKE, "EAP method not supported, sending EAP_NAK"); return eap_payload_create_nak(in->get_identifier(in), 0, 0, - vendor != 0); + in->is_expanded(in)); } }