From: Tobias Brunner
Date: Thu, 23 Aug 2012 06:36:24 +0000 (+0200)
Subject: Encode EAP-Naks in expanded format if we got an expanded type request
X-Git-Tag: 5.0.1~154^2~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cc4eec56f73ef54386badc8732b1867cbe05b47f;p=thirdparty%2Fstrongswan.git

Encode EAP-Naks in expanded format if we got an expanded type request

Since methods defined by the IETF (vendor ID 0) could also be encoded in expanded type format the previous check was insufficient.
---
diff --git a/src/libcharon/encoding/payloads/eap_payload.c b/src/libcharon/encoding/payloads/eap_payload.c
index 15a9972f21..855504fe0a 100644
--- a/src/libcharon/encoding/payloads/eap_payload.c
+++ b/src/libcharon/encoding/payloads/eap_payload.c
@@ -241,6 +241,12 @@ METHOD(eap_payload_t, get_type, eap_type_t,
 return 0; }
+METHOD(eap_payload_t, is_expanded, bool,
+ private_eap_payload_t *this)
+{
+ return this->data.len > 4 ? this->data.ptr[4] == EAP_EXPANDED : FALSE;
+}
+
 METHOD2(payload_t, eap_payload_t, destroy, void, private_eap_payload_t *this) {
@@ -272,6 +278,7 @@ eap_payload_t *eap_payload_create()
 .get_code = _get_code, .get_identifier = _get_identifier, .get_type = _get_type,
+ .is_expanded = _is_expanded,
 .destroy = _destroy, }, .next_payload = NO_PAYLOAD,
diff --git a/src/libcharon/encoding/payloads/eap_payload.h b/src/libcharon/encoding/payloads/eap_payload.h
index d3c3fae28f..9349832820 100644
--- a/src/libcharon/encoding/payloads/eap_payload.h
+++ b/src/libcharon/encoding/payloads/eap_payload.h
@@ -82,6 +82,13 @@ struct eap_payload_t {
 */ eap_type_t (*get_type) (eap_payload_t *this, u_int32_t *vendor);
+ /**
+ * Check if the EAP method type is encoded in the Expanded Type format.
+ *
+ * @return TRUE if in Expanded Type format
+ */
+ bool (*is_expanded) (eap_payload_t *this);
+
 /** * Destroys an eap_payload_t object. */
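Review bot: In the added `is_expanded` in eap_payload.c, a TRUE result only establishes that byte 4 of the peer-supplied data equals EAP_EXPANDED. It does not establish that the full Expanded Type header (Vendor-Id and Vendor-Type, 12 bytes in total with the EAP header) is present, and it does not look at the EAP code. If a truncated expanded request should not be answered with an expanded Nak, the guard could be `return this->data.len >= 12 && this->data.ptr[4] == EAP_EXPANDED;`. Whether the payload's verification step already rejects such packets is not visible in this hunk. A short comment such as `/* byte 4 is the Type field following code, identifier and length */` would also explain the literal 4.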
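Review bot: The doc comment added for `is_expanded` in eap_payload.h does not say what is returned for a payload that carries no Type field. It also does not say that the result is independent of the vendor ID, which per the commit message is the case this method exists for. I would extend the return line to something like `@return TRUE if the Type field is EAP_EXPANDED, regardless of vendor ID; FALSE otherwise, including payloads without a Type field`. This matches the implementation in eap_payload.c, which returns FALSE when the data is no longer than 4 bytes.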
@@ -129,8 +136,7 @@ eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier);
 * @param identifier EAP identifier to use in payload * @param type preferred auth type, 0 to send all supported types * @param vendor vendor identifier for auth type, 0 for default
- * @param expanded TRUE to send an expanded Nak (as response to an expanded
- * request, i.e. one with vendor specific type)
+ * @param expanded TRUE to send an expanded Nak
 * @return eap_payload_t object */ eap_payload_t *eap_payload_create_nak(u_int8_t identifier, eap_type_t type,
diff --git a/src/libcharon/plugins/eap_peap/eap_peap_peer.c b/src/libcharon/plugins/eap_peap/eap_peap_peer.c
index 5e19726725..79fd667cb7 100644
--- a/src/libcharon/plugins/eap_peap/eap_peap_peer.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_peer.c
@@ -152,7 +152,7 @@ METHOD(tls_application_t, process, status_t,
 { DBG1(DBG_IKE, "EAP method not supported"); this->out = eap_payload_create_nak(in->get_identifier(in), 0, 0,
- received_vendor != 0);
+ in->is_expanded(in));
 in->destroy(in); return NEED_MORE; }
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
index 811fe051b3..00a4da3f82 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
@@ -193,7 +193,7 @@ METHOD(tls_application_t, process, status_t,
 { DBG1(DBG_IKE, "EAP method not supported"); this->out = eap_payload_create_nak(in->get_identifier(in), 0, 0,
- received_vendor != 0);
+ in->is_expanded(in));
 in->destroy(in); return NEED_MORE; }
diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
index c9178d061e..a340c04d70 100644
--- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
@@ -404,14 +404,14 @@ static eap_payload_t* client_process_eap(private_eap_authenticator_t *this,
 eap_type_names, conf_type); } return eap_payload_create_nak(in->get_identifier(in), conf_type,
- conf_vendor, vendor != 0);
+ conf_vendor, in->is_expanded(in));
 } this->method = load_method(this, type, vendor, EAP_PEER); if (!this->method) { DBG1(DBG_IKE, "EAP method not supported, sending EAP_NAK"); return eap_payload_create_nak(in->get_identifier(in), 0, 0,
- vendor != 0);
+ in->is_expanded(in));
 } }