fixed memleaks when using EAP authentication
fixed configuration payloads when using EAP
parent
5744d3e777
commit
f5fbad4a62
|
@ -359,70 +359,87 @@ static status_t process_auth_eap(private_ike_auth_t *this, message_t *message)
|
||||||
/**
|
/**
|
||||||
* Implementation of task_t.process for EAP exchanges
|
* Implementation of task_t.process for EAP exchanges
|
||||||
*/
|
*/
|
||||||
static status_t process_eap(private_ike_auth_t *this, message_t *message)
|
static status_t process_eap_i(private_ike_auth_t *this, message_t *message)
|
||||||
{
|
{
|
||||||
eap_payload_t *eap;
|
eap_payload_t *eap;
|
||||||
|
|
||||||
eap = (eap_payload_t*)message->get_payload(message, EXTENSIBLE_AUTHENTICATION);
|
eap = (eap_payload_t*)message->get_payload(message, EXTENSIBLE_AUTHENTICATION);
|
||||||
|
if (eap == NULL)
|
||||||
if (this->initiator)
|
{
|
||||||
{
|
SIG(IKE_UP_FAILED, "EAP payload missing");
|
||||||
switch (this->eap_auth->process(this->eap_auth, eap, &eap))
|
return FAILED;
|
||||||
{
|
|
||||||
case NEED_MORE:
|
|
||||||
break;
|
|
||||||
case SUCCESS:
|
|
||||||
/* EAP exchange completed, now create and process AUTH */
|
|
||||||
this->public.task.build = (status_t(*)(task_t*,message_t*))build_auth_eap;
|
|
||||||
this->public.task.process = (status_t(*)(task_t*,message_t*))process_auth_eap;
|
|
||||||
return NEED_MORE;
|
|
||||||
default:
|
|
||||||
SIG(IKE_UP_FAILED, "failed to authenticate against %D using EAP",
|
|
||||||
this->ike_sa->get_other_id(this->ike_sa));
|
|
||||||
return FAILED;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
this->eap_payload = eap;
|
switch (this->eap_auth->process(this->eap_auth, eap, &eap))
|
||||||
|
{
|
||||||
|
case NEED_MORE:
|
||||||
|
this->eap_payload = eap;
|
||||||
|
return NEED_MORE;
|
||||||
|
case SUCCESS:
|
||||||
|
/* EAP exchange completed, now create and process AUTH */
|
||||||
|
this->eap_payload = NULL;
|
||||||
|
this->public.task.build = (status_t(*)(task_t*,message_t*))build_auth_eap;
|
||||||
|
this->public.task.process = (status_t(*)(task_t*,message_t*))process_auth_eap;
|
||||||
|
return NEED_MORE;
|
||||||
|
default:
|
||||||
|
this->eap_payload = NULL;
|
||||||
|
SIG(IKE_UP_FAILED, "failed to authenticate against %D using EAP",
|
||||||
|
this->ike_sa->get_other_id(this->ike_sa));
|
||||||
|
return FAILED;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Implementation of task_t.process for EAP exchanges
|
||||||
|
*/
|
||||||
|
static status_t process_eap_r(private_ike_auth_t *this, message_t *message)
|
||||||
|
{
|
||||||
|
this->eap_payload = (eap_payload_t*)message->get_payload(message,
|
||||||
|
EXTENSIBLE_AUTHENTICATION);
|
||||||
return NEED_MORE;
|
return NEED_MORE;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Implementation of task_t.build for EAP exchanges
|
* Implementation of task_t.build for EAP exchanges
|
||||||
*/
|
*/
|
||||||
static status_t build_eap(private_ike_auth_t *this, message_t *message)
|
static status_t build_eap_i(private_ike_auth_t *this, message_t *message)
|
||||||
{
|
{
|
||||||
|
message->add_payload(message, (payload_t*)this->eap_payload);
|
||||||
|
return NEED_MORE;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Implementation of task_t.build for EAP exchanges
|
||||||
|
*/
|
||||||
|
static status_t build_eap_r(private_ike_auth_t *this, message_t *message)
|
||||||
|
{
|
||||||
|
status_t status = NEED_MORE;
|
||||||
eap_payload_t *eap;
|
eap_payload_t *eap;
|
||||||
|
|
||||||
if (this->eap_payload == NULL)
|
if (this->eap_payload == NULL)
|
||||||
{
|
{
|
||||||
SIG(IKE_UP_FAILED, "expected an EAP payload, but none found");
|
SIG(IKE_UP_FAILED, "EAP payload missing");
|
||||||
return FAILED;
|
return FAILED;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (this->initiator)
|
switch (this->eap_auth->process(this->eap_auth, this->eap_payload, &eap))
|
||||||
{
|
|
||||||
chunk_t chunk = this->eap_payload->get_data(this->eap_payload);
|
|
||||||
eap = eap_payload_create_data(chunk);
|
|
||||||
message->add_payload(message, (payload_t*)eap);
|
|
||||||
return NEED_MORE;
|
|
||||||
}
|
|
||||||
switch (this->eap_auth->process(this->eap_auth, eap, &eap))
|
|
||||||
{
|
{
|
||||||
case NEED_MORE:
|
case NEED_MORE:
|
||||||
return NEED_MORE;
|
|
||||||
|
break;
|
||||||
case SUCCESS:
|
case SUCCESS:
|
||||||
message->add_payload(message, (payload_t*)eap);
|
|
||||||
/* EAP exchange completed, now create and process AUTH */
|
/* EAP exchange completed, now create and process AUTH */
|
||||||
this->public.task.build = (status_t(*)(task_t*,message_t*))build_auth_eap;
|
this->public.task.build = (status_t(*)(task_t*,message_t*))build_auth_eap;
|
||||||
this->public.task.process = (status_t(*)(task_t*,message_t*))process_auth_eap;
|
this->public.task.process = (status_t(*)(task_t*,message_t*))process_auth_eap;
|
||||||
return NEED_MORE;
|
break;
|
||||||
default:
|
default:
|
||||||
SIG(IKE_UP_FAILED, "authentication of %D using %N failed",
|
SIG(IKE_UP_FAILED, "authentication of %D using %N failed",
|
||||||
this->ike_sa->get_other_id(this->ike_sa),
|
this->ike_sa->get_other_id(this->ike_sa),
|
||||||
auth_method_names, AUTH_EAP);
|
auth_method_names, AUTH_EAP);
|
||||||
message->add_payload(message, (payload_t*)eap);
|
status = FAILED;
|
||||||
return FAILED;
|
break;
|
||||||
}
|
}
|
||||||
|
message->add_payload(message, (payload_t*)eap);
|
||||||
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -549,8 +566,8 @@ static status_t build_r(private_ike_auth_t *this, message_t *message)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* switch to EAP methods */
|
/* switch to EAP methods */
|
||||||
this->public.task.build = (status_t(*)(task_t*,message_t*))build_eap;
|
this->public.task.build = (status_t(*)(task_t*,message_t*))build_eap_r;
|
||||||
this->public.task.process = (status_t(*)(task_t*,message_t*))process_eap;
|
this->public.task.process = (status_t(*)(task_t*,message_t*))process_eap_r;
|
||||||
return NEED_MORE;
|
return NEED_MORE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -614,9 +631,9 @@ static status_t process_i(private_ike_auth_t *this, message_t *message)
|
||||||
if (this->eap_auth)
|
if (this->eap_auth)
|
||||||
{
|
{
|
||||||
/* switch to EAP authentication methods */
|
/* switch to EAP authentication methods */
|
||||||
this->public.task.build = (status_t(*)(task_t*,message_t*))build_eap;
|
this->public.task.build = (status_t(*)(task_t*,message_t*))build_eap_i;
|
||||||
this->public.task.process = (status_t(*)(task_t*,message_t*))process_eap;
|
this->public.task.process = (status_t(*)(task_t*,message_t*))process_eap_i;
|
||||||
return process_eap(this, message);
|
return process_eap_i(this, message);
|
||||||
}
|
}
|
||||||
|
|
||||||
this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
|
this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED);
|
||||||
|
|
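Review bot: In build_eap_r the local `eap` is declared without an initializer and is then passed to `message->add_payload()` after the switch on every path, including the `default:` failure branch. That is only safe if `eap_auth->process()` writes its out parameter for every return status, which this page does not show; if it can fail without setting it, an indeterminate pointer is queued into the reply on a path driven by the peer's EAP payload. Declare it as `eap_payload_t *eap = NULL;` and guard the tail with `if (eap) { message->add_payload(message, (payload_t*)eap); }`. Separately, process_eap_r stores a pointer taken from the request `message` in `this->eap_payload` for build_eap_r to use later; a comment stating who owns that payload and that it must outlive the request would help, since the hunk cannot confirm it.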
|
@ -263,7 +263,8 @@ static void process_payloads(private_ike_config_t *this, message_t *message)
|
||||||
*/
|
*/
|
||||||
static status_t build_i(private_ike_config_t *this, message_t *message)
|
static status_t build_i(private_ike_config_t *this, message_t *message)
|
||||||
{
|
{
|
||||||
if (message->get_exchange_type(message) != IKE_SA_INIT)
|
if (message->get_exchange_type(message) == IKE_AUTH &&
|
||||||
|
message->get_payload(message, ID_INITIATOR))
|
||||||
{
|
{
|
||||||
this->virtual_ip = this->policy->get_virtual_ip(this->policy, NULL);
|
this->virtual_ip = this->policy->get_virtual_ip(this->policy, NULL);
|
||||||
|
|
||||||
|
@ -278,7 +279,8 @@ static status_t build_i(private_ike_config_t *this, message_t *message)
|
||||||
*/
|
*/
|
||||||
static status_t process_r(private_ike_config_t *this, message_t *message)
|
static status_t process_r(private_ike_config_t *this, message_t *message)
|
||||||
{
|
{
|
||||||
if (message->get_exchange_type(message) != IKE_SA_INIT)
|
if (message->get_exchange_type(message) == IKE_AUTH &&
|
||||||
|
message->get_payload(message, ID_INITIATOR))
|
||||||
{
|
{
|
||||||
process_payloads(this, message);
|
process_payloads(this, message);
|
||||||
}
|
}
|
||||||
|
@ -290,7 +292,8 @@ static status_t process_r(private_ike_config_t *this, message_t *message)
|
||||||
*/
|
*/
|
||||||
static status_t build_r(private_ike_config_t *this, message_t *message)
|
static status_t build_r(private_ike_config_t *this, message_t *message)
|
||||||
{
|
{
|
||||||
if (message->get_exchange_type(message) != IKE_SA_INIT)
|
if (message->get_exchange_type(message) == IKE_AUTH &&
|
||||||
|
message->get_payload(message, EXTENSIBLE_AUTHENTICATION) == NULL)
|
||||||
{
|
{
|
||||||
this->policy = this->ike_sa->get_policy(this->ike_sa);
|
this->policy = this->ike_sa->get_policy(this->ike_sa);
|
||||||
|
|
||||||
|
@ -333,7 +336,8 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
|
||||||
*/
|
*/
|
||||||
static status_t process_i(private_ike_config_t *this, message_t *message)
|
static status_t process_i(private_ike_config_t *this, message_t *message)
|
||||||
{
|
{
|
||||||
if (message->get_exchange_type(message) != IKE_SA_INIT)
|
if (message->get_exchange_type(message) == IKE_AUTH &&
|
||||||
|
!message->get_payload(message, EXTENSIBLE_AUTHENTICATION))
|
||||||
{
|
{
|
||||||
host_t *ip;
|
host_t *ip;
|
||||||
|
|
||||||
|
|
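Review bot: The new conditions in build_i, process_r, build_r and process_i decide whether to handle configuration payloads from which other payloads are present in the message (`ID_INITIATOR` on the request side, no `EXTENSIBLE_AUTHENTICATION` on the response side), and none of them carries a comment explaining that. The checks in build_i and build_r inspect the outgoing message, so they presumably depend on the auth task having added its payloads before this task's build runs; that ordering is not visible here and should be stated, e.g. `/* only in the first IKE_AUTH request (carries IDi); auth task must build first */` and `/* only in the final IKE_AUTH response, i.e. one without an EAP payload */`. build_r compares with `== NULL` while process_i uses `!` for the same test; pick one form. All four function bodies continue outside their hunks.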