From: Martin Willi Date: Thu, 3 Feb 2011 12:31:11 +0000 (+0100) Subject: Invoke the per-round authorize() hook before purging current auth info on IKE_SA X-Git-Tag: 4.5.1~76 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b49d047bfc9a2c2e76243ae36c494b9e910d0cfd;p=thirdparty%2Fstrongswan.git Invoke the per-round authorize() hook before purging current auth info on IKE_SA --- diff --git a/src/libcharon/sa/tasks/ike_auth.c b/src/libcharon/sa/tasks/ike_auth.c index 03394dd5c8..0756c7d603 100644 --- a/src/libcharon/sa/tasks/ike_auth.c +++ b/src/libcharon/sa/tasks/ike_auth.c @@ -621,11 +621,6 @@ METHOD(task_t, process_r, status_t, this->initial_contact = TRUE; } - /* store authentication information */ - cfg = auth_cfg_create(); - cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, FALSE), FALSE); - this->ike_sa->add_auth_cfg(this->ike_sa, FALSE, cfg); - /* another auth round done, invoke authorize hook */ if (!charon->bus->authorize(charon->bus, FALSE)) { @@ -634,6 +629,11 @@ METHOD(task_t, process_r, status_t, return NEED_MORE; } + /* store authentication information */ + cfg = auth_cfg_create(); + cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, FALSE), FALSE); + this->ike_sa->add_auth_cfg(this->ike_sa, FALSE, cfg); + if (!update_cfg_candidates(this, FALSE)) { this->authentication_failed = TRUE; @@ -949,17 +949,17 @@ METHOD(task_t, process_i, status_t, this->other_auth->destroy(this->other_auth); this->other_auth = NULL; } - /* store authentication information, reset authenticator */ - cfg = auth_cfg_create(); - cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, FALSE), FALSE); - this->ike_sa->add_auth_cfg(this->ike_sa, FALSE, cfg); - /* another auth round done, invoke authorize hook */ if (!charon->bus->authorize(charon->bus, FALSE)) { DBG1(DBG_IKE, "authorization forbids IKE_SA, cancelling"); return FAILED; } + + /* store authentication information, reset authenticator */ + cfg = auth_cfg_create(); + cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, FALSE), FALSE); + this->ike_sa->add_auth_cfg(this->ike_sa, FALSE, cfg); } if (this->my_auth)