Use the AAA Identity for EAP authentication, if given

author Martin Willi <martin@revosec.ch>

Tue, 31 Aug 2010 16:06:02 +0000 (18:06 +0200)

committer Martin Willi <martin@revosec.ch>

Tue, 31 Aug 2010 16:10:23 +0000 (18:10 +0200)
author Martin Willi <martin@revosec.ch>
Tue, 31 Aug 2010 16:06:02 +0000 (18:06 +0200)
committer Martin Willi <martin@revosec.ch>
Tue, 31 Aug 2010 16:10:23 +0000 (18:10 +0200)
diff --git a/src/libcharon/sa/authenticators/eap_authenticator.c b/src/libcharon/sa/authenticators/eap_authenticator.c

index 0a2cb658cc4b0879157a268ff6231010b082b47f..8b22fd1d7c83eb4261ef75f1637d8d3250b9dc1c 100644 (file)
--- a/src/libcharon/sa/authenticators/eap_authenticator.c
+++ b/src/libcharon/sa/authenticators/eap_authenticator.c
@@ -99,22 +99,30 @@ struct private_eap_authenticator_t {
  static eap_method_t *load_method(private_eap_authenticator_t *this,
                                                         eap_type_t type, u_int32_t vendor, eap_role_t role)
  {
-       identification_t *server, *peer;
+       identification_t *server, *peer, *aaa;
+       auth_cfg_t *auth;
  
         if (role == EAP_SERVER)
         {
                 server = this->ike_sa->get_my_id(this->ike_sa);
                 peer = this->ike_sa->get_other_id(this->ike_sa);
+               auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE);
         }
         else
         {
                 server = this->ike_sa->get_other_id(this->ike_sa);
                 peer = this->ike_sa->get_my_id(this->ike_sa);
+               auth = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE);
         }
         if (this->eap_identity)
         {
                 peer = this->eap_identity;
         }
+       aaa = auth->get(auth, AUTH_RULE_AAA_IDENTITY);
+       if (aaa)
+       {
+               server = aaa;
+       }
         return charon->eap->create_instance(charon->eap, type, vendor,
                                                                                 role, server, peer);
  }
diff --git a/src/libcharon/sa/tasks/ike_auth.c b/src/libcharon/sa/tasks/ike_auth.c

index 95f87eb0d620035a5d32e664d6a5f04415230459..32a31184595a06359903c1558a68501d95292af2 100644 (file)
--- a/src/libcharon/sa/tasks/ike_auth.c
+++ b/src/libcharon/sa/tasks/ike_auth.c
@@ -537,6 +537,11 @@ static status_t process_r(private_ike_auth_t *this, message_t *message)
                         {
                                 cfg->add(cfg, AUTH_RULE_EAP_IDENTITY, id->clone(id));
                         }
+                       id = (identification_t*)cand->get(cand, AUTH_RULE_AAA_IDENTITY);
+                       if (id)
+                       {
+                               cfg->add(cfg, AUTH_RULE_AAA_IDENTITY, id->clone(id));
+                       }
                 }
  
                 /* verify authentication data */
author	Martin Willi <martin@revosec.ch>
	Tue, 31 Aug 2010 16:06:02 +0000 (18:06 +0200)
committer	Martin Willi <martin@revosec.ch>
	Tue, 31 Aug 2010 16:10:23 +0000 (18:10 +0200)
src/libcharon/sa/authenticators/eap_authenticator.c		patch \| blob \| blame \| history
src/libcharon/sa/tasks/ike_auth.c		patch \| blob \| blame \| history