Add basic support for XAuth responder authentication

diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
index 1b6ccc55819935a8f0df8bd35c8aa63e82799ddd..d6ed9aa845439bf77f24b391cdaba0c763d48b08 100644 (file)
--- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
@@ -303,8 +303,9 @@ METHOD(task_t, build_i, status_t,
                                case AUTH_XAUTH_RESP_PSK:
                                case AUTH_XAUTH_RESP_RSA:
                                case AUTH_HYBRID_RESP_RSA:
-                                       /* TODO-IKEv1: not yet */
-                                       return FAILED;
+                                       this->ike_sa->queue_task(this->ike_sa,
+                                                                       (task_t*)xauth_create(this->ike_sa, TRUE));
+                                       return SUCCESS;
                                default:
                                        if (charon->ike_sa_manager->check_uniqueness(
                                                                charon->ike_sa_manager, this->ike_sa, FALSE))
@@ -476,8 +477,8 @@ METHOD(task_t, process_r, status_t,
                                case AUTH_XAUTH_RESP_PSK:
                                case AUTH_XAUTH_RESP_RSA:
                                case AUTH_HYBRID_RESP_RSA:
-                                       /* TODO-IKEv1: not yet supported */
-                                       return FAILED;
+                                       /* wait for XAUTH request */
+                                       return SUCCESS;
                                default:
                                        if (charon->ike_sa_manager->check_uniqueness(
                                                                charon->ike_sa_manager, this->ike_sa, FALSE))

diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c
index 11bdc1d2afdeddafe46f67a3b1c8a3d1cb4a411d..a65b3a68b7c28a1d035ddf4d94053881310fd36a 100644 (file)
--- a/src/libcharon/sa/ikev1/tasks/main_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/main_mode.c
@@ -505,8 +505,8 @@ METHOD(task_t, build_r, status_t,
                                case AUTH_XAUTH_RESP_PSK:
                                case AUTH_XAUTH_RESP_RSA:
                                case AUTH_HYBRID_RESP_RSA:
-                                       /* TODO-IKEv1: not yet supported */
-                                       return FAILED;
+                                       /* wait for XAUTH request */
+                                       return SUCCESS;
                                default:
                                        if (charon->ike_sa_manager->check_uniqueness(
                                                                charon->ike_sa_manager, this->ike_sa, FALSE))
@@ -634,8 +634,9 @@ METHOD(task_t, process_i, status_t,
                                case AUTH_XAUTH_RESP_PSK:
                                case AUTH_XAUTH_RESP_RSA:
                                case AUTH_HYBRID_RESP_RSA:
-                                       /* TODO-IKEv1: not yet */
-                                       return FAILED;
+                                       this->ike_sa->queue_task(this->ike_sa,
+                                                                       (task_t*)xauth_create(this->ike_sa, TRUE));
+                                       return SUCCESS;
                                default:
                                        if (charon->ike_sa_manager->check_uniqueness(
                                                                charon->ike_sa_manager, this->ike_sa, FALSE))