From: Tobias Brunner
Date: Mon, 8 Jun 2015 14:52:03 +0000 (+0200)
Subject: ikev2: Store outer EAP method used to authenticate remote peer in auth-cfg
X-Git-Tag: 5.3.3rc1~24
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=49a20ef019e79d27aaa2362ac1966f38154610eb;p=thirdparty%2Fstrongswan.git
ikev2: Store outer EAP method used to authenticate remote peer in auth-cfg
This allows symmetric configuration of EAP methods (i.e. the same value in leftauth and rightauth) when mutual EAP-only authentication is used. Previously the client had to configure rightauth=eap or rightauth=any, which prevented it from using this same config as responder.
---
diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
index f1442096c0..91f6187f9b 100644
--- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
@@ -448,6 +448,8 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message,
 identification_t *other_id;
 auth_cfg_t *auth;
 keymat_v2_t *keymat;
+ eap_type_t type;
+ u_int32_t vendor;
 auth_payload = (auth_payload_t*)message->get_payload(message, PLV2_AUTH);
@@ -478,6 +480,13 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message,
 this->auth_complete = TRUE;
 auth = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE);
 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
+
+ type = this->method->get_type(this->method, &vendor);
+ auth->add(auth, AUTH_RULE_EAP_TYPE, type);
+ if (vendor)
+ {
+ auth->add(auth, AUTH_RULE_EAP_VENDOR, vendor);
+ }
 return TRUE;
 }
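Review bot: `vendor` is declared without an initializer in the first hunk and is then read by the `if (vendor)` test added in the second hunk, so its value depends on every `get_type()` implementation writing through the pointer. Those implementations are not visible here; if any of them leaves the out-parameter untouched, an indeterminate value could be stored under `AUTH_RULE_EAP_VENDOR` and presumably be compared against the configured policy later. Declaring it as `u_int32_t vendor = 0;` removes that dependency at no cost. verify_auth's body starts and ends outside this hunk.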
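Review bot: The type recorded in the second hunk comes from `this->method`, which per the commit subject is the outer EAP method only, and nothing at the call site says so. With tunneled methods the inner method that authenticated the peer would not appear in the auth-cfg, so a `rightauth` constraint on the EAP type constrains the tunnel rather than the inner credential. I would add a comment above the `get_type()` call such as `/* only the outer EAP method is recorded; inner methods of tunneled EAP are not reflected in the auth-cfg */`. Separately, `this->method` is dereferenced with no guard visible in the hunk; the function begins outside it, so please confirm verify_auth cannot be reached before a method instance exists.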