ike-auth: Support exchange between IKE_SA_INIT and IKE_AUTH
authorTobias Brunner <tobias@strongswan.org>
Mon, 25 Jun 2018 12:27:16 +0000 (14:27 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 29 Jun 2022 08:28:50 +0000 (10:28 +0200)
src/libcharon/sa/ikev2/tasks/ike_auth.c

index 9e61ca70799479760100b9397f9352de39810dcc..e6256b1266fbd2f553aef286cde5589c66f9bd9e 100644 (file)
@@ -131,6 +131,11 @@ struct private_ike_auth_t {
         */
        bool eap_acceptable;
 
+       /**
+        * Whether we already handled the first IKE_AUTH message
+        */
+       bool first_auth;
+
        /**
         * Gateway ID if redirected
         */
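Review bot: The comment on the new `first_auth` field does not say that the flag is set at different points depending on the role, which matters because both sides read it: the initiator sets it in build_i as soon as it starts building the first IKE_AUTH request, while the responder sets it in process_r only after the extension checks on the first IKE_AUTH request have run. A comment such as `Whether we already built (initiator) or processed (responder) the first IKE_AUTH message; reset in migrate()` would make the two timings explicit. The enclosing struct begins before this hunk.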
@@ -588,10 +593,20 @@ METHOD(task_t, build_i, status_t,
        private_ike_auth_t *this, message_t *message)
 {
        auth_cfg_t *cfg;
+       bool first_auth = FALSE;
 
-       if (message->get_exchange_type(message) == IKE_SA_INIT)
+       switch (message->get_exchange_type(message))
        {
-               return collect_my_init_data(this, message);
+               case IKE_SA_INIT:
+                       return collect_my_init_data(this, message);
+               case IKE_AUTH:
+                       if (!this->first_auth)
+                       {       /* some special handling for the first IKE_AUTH message below */
+                               first_auth = this->first_auth = TRUE;
+                       }
+                       break;
+               default:
+                       return NEED_MORE;
        }
 
        if (!this->peer_cfg)
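Review bot: The `default: return NEED_MORE;` branch carries no comment on which exchange types it covers or why simply deferring is correct for them; a line such as `/* other exchanges between IKE_SA_INIT and IKE_AUTH are not handled by this task */` above the `return` would document the intent the commit title states. The same undocumented default appears in the switches of process_r, build_r and process_i further down. Separately, the chained assignment `first_auth = this->first_auth = TRUE;` is easy to misread next to a local that shares the member's name; `this->first_auth = TRUE;` followed by `first_auth = TRUE;`, or renaming the local to something like `is_first`, reads more plainly. build_i continues past the end of the hunk.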
@@ -600,7 +615,7 @@ METHOD(task_t, build_i, status_t,
                this->peer_cfg->get_ref(this->peer_cfg);
        }
 
-       if (message->get_message_id(message) == 1)
+       if (first_auth)
        {       /* in the first IKE_AUTH ... */
                if (this->ike_sa->supports_extension(this->ike_sa, EXT_MULTIPLE_AUTH))
                {       /* indicate support for multiple authentication */
@@ -668,8 +683,7 @@ METHOD(task_t, build_i, status_t,
                get_reserved_id_bytes(this, id_payload);
                message->add_payload(message, (payload_t*)id_payload);
 
-               if (idr && !idr->contains_wildcards(idr) &&
-                       message->get_message_id(message) == 1 &&
+               if (idr && !idr->contains_wildcards(idr) && first_auth &&
                        this->peer_cfg->get_unique_policy(this->peer_cfg) != UNIQUE_NEVER)
                {
                        host_t *host;
@@ -744,9 +758,14 @@ METHOD(task_t, process_r, status_t,
        id_payload_t *id_payload;
        identification_t *id;
 
-       if (message->get_exchange_type(message) == IKE_SA_INIT)
+       switch (message->get_exchange_type(message))
        {
-               return collect_other_init_data(this, message);
+               case IKE_SA_INIT:
+                       return collect_other_init_data(this, message);
+               case IKE_AUTH:
+                       break;
+               default:
+                       return NEED_MORE;
        }
 
        if (!this->my_auth && this->do_another_auth)
@@ -769,7 +788,7 @@ METHOD(task_t, process_r, status_t,
                return NEED_MORE;
        }
 
-       if (message->get_message_id(message) == 1)
+       if (!this->first_auth)
        {       /* check for extensions in the first IKE_AUTH */
                if (message->get_notify(message, MULTIPLE_AUTH_SUPPORTED))
                {
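Review bot: The responder now derives "first IKE_AUTH" from `!this->first_auth`, but the flag is only set at the end of the extension block in the next hunk (`this->first_auth = TRUE;` after the initial_contact check), so any return taken between the switch at the top of process_r and this check while handling the first IKE_AUTH request would leave the flag clear and make the MULTIPLE_AUTH_SUPPORTED and INITIAL_CONTACT checks apply to a later IKE_AUTH message instead; the old message-ID test could not drift that way. The `return NEED_MORE;` two lines above is such a path if it can be reached on the first request, which I cannot tell from this hunk. Mirroring build_i by latching the flag in the IKE_AUTH case, `case IKE_AUTH: first_auth = !this->first_auth; this->first_auth = TRUE; break;` with a `bool first_auth = FALSE;` local and `if (first_auth)` here, keeps the two sides consistent and removes the dependency on the path taken through the body. process_r starts before this hunk and continues after it.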
@@ -784,6 +803,7 @@ METHOD(task_t, process_r, status_t,
                {
                        this->initial_contact = TRUE;
                }
+               this->first_auth = TRUE;
        }
 
        if (!this->other_auth)
@@ -950,14 +970,19 @@ METHOD(task_t, build_r, status_t,
        identification_t *gateway;
        auth_cfg_t *cfg;
 
-       if (message->get_exchange_type(message) == IKE_SA_INIT)
+       switch (message->get_exchange_type(message))
        {
-               if (multiple_auth_enabled())
-               {
-                       message->add_notify(message, FALSE, MULTIPLE_AUTH_SUPPORTED,
-                                                               chunk_empty);
-               }
-               return collect_my_init_data(this, message);
+               case IKE_SA_INIT:
+                       if (multiple_auth_enabled())
+                       {
+                               message->add_notify(message, FALSE, MULTIPLE_AUTH_SUPPORTED,
+                                                                       chunk_empty);
+                       }
+                       return collect_my_init_data(this, message);
+               case IKE_AUTH:
+                       break;
+               default:
+                       return NEED_MORE;
        }
 
        if (this->authentication_failed || !this->peer_cfg)
@@ -1225,14 +1250,19 @@ METHOD(task_t, process_i, status_t,
        auth_cfg_t *cfg;
        bool mutual_eap = FALSE, ppk_id_received = FALSE;
 
-       if (message->get_exchange_type(message) == IKE_SA_INIT)
+       switch (message->get_exchange_type(message))
        {
-               if (message->get_notify(message, MULTIPLE_AUTH_SUPPORTED) &&
-                       multiple_auth_enabled())
-               {
-                       this->ike_sa->enable_extension(this->ike_sa, EXT_MULTIPLE_AUTH);
-               }
-               return collect_other_init_data(this, message);
+               case IKE_SA_INIT:
+                       if (message->get_notify(message, MULTIPLE_AUTH_SUPPORTED) &&
+                               multiple_auth_enabled())
+                       {
+                               this->ike_sa->enable_extension(this->ike_sa, EXT_MULTIPLE_AUTH);
+                       }
+                       return collect_other_init_data(this, message);
+               case IKE_AUTH:
+                       break;
+               default:
+                       return NEED_MORE;
        }
 
        enumerator = message->create_payload_enumerator(message);
@@ -1514,6 +1544,7 @@ METHOD(task_t, migrate, void,
        this->expect_another_auth = TRUE;
        this->authentication_failed = FALSE;
        this->candidates = linked_list_create();
+       this->first_auth = FALSE;
 }
 
 METHOD(task_t, destroy, void,
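Review bot: migrate() now resets `first_auth`, but the task constructor is not part of this diff, so it is not visible whether the new field starts out FALSE on a freshly created task; if the constructor uses a designated initializer, the omitted member is zero-initialized and nothing more is needed, otherwise `first_auth` should be set there as well. Worth a quick check against the create function.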