From: Martin Willi Date: Tue, 31 Aug 2010 16:06:02 +0000 (+0200) Subject: Use the AAA Identity for EAP authentication, if given X-Git-Tag: 4.5.0~362 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=36eafea232f0b5e8cfe89a8a69f915a1e21a4369;p=thirdparty%2Fstrongswan.git Use the AAA Identity for EAP authentication, if given --- diff --git a/src/libcharon/sa/authenticators/eap_authenticator.c b/src/libcharon/sa/authenticators/eap_authenticator.c index 0a2cb658cc..8b22fd1d7c 100644 --- a/src/libcharon/sa/authenticators/eap_authenticator.c +++ b/src/libcharon/sa/authenticators/eap_authenticator.c @@ -99,22 +99,30 @@ struct private_eap_authenticator_t { static eap_method_t *load_method(private_eap_authenticator_t *this, eap_type_t type, u_int32_t vendor, eap_role_t role) { - identification_t *server, *peer; + identification_t *server, *peer, *aaa; + auth_cfg_t *auth; if (role == EAP_SERVER) { server = this->ike_sa->get_my_id(this->ike_sa); peer = this->ike_sa->get_other_id(this->ike_sa); + auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE); } else { server = this->ike_sa->get_other_id(this->ike_sa); peer = this->ike_sa->get_my_id(this->ike_sa); + auth = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE); } if (this->eap_identity) { peer = this->eap_identity; } + aaa = auth->get(auth, AUTH_RULE_AAA_IDENTITY); + if (aaa) + { + server = aaa; + } return charon->eap->create_instance(charon->eap, type, vendor, role, server, peer); } diff --git a/src/libcharon/sa/tasks/ike_auth.c b/src/libcharon/sa/tasks/ike_auth.c index 95f87eb0d6..32a3118459 100644 --- a/src/libcharon/sa/tasks/ike_auth.c +++ b/src/libcharon/sa/tasks/ike_auth.c @@ -537,6 +537,11 @@ static status_t process_r(private_ike_auth_t *this, message_t *message) { cfg->add(cfg, AUTH_RULE_EAP_IDENTITY, id->clone(id)); } + id = (identification_t*)cand->get(cand, AUTH_RULE_AAA_IDENTITY); + if (id) + { + cfg->add(cfg, AUTH_RULE_AAA_IDENTITY, id->clone(id)); + } } /* verify authentication data */