Added option to disable identity requests completely (old behavior)
authorMartin Willi <martin@strongswan.org>
Thu, 29 Oct 2009 09:19:43 +0000 (10:19 +0100)
committerMartin Willi <martin@strongswan.org>
Thu, 12 Nov 2009 09:34:01 +0000 (10:34 +0100)
src/charon/plugins/eap_sim/eap_sim_peer.c
src/charon/plugins/eap_sim/eap_sim_server.c

index a681cc4957b9a4aa0b71bf399519ca241e9636e4..8574f7da7135232a23351544420ef43e85a2aaaf 100644 (file)
@@ -246,7 +246,7 @@ static status_t process_start(private_eap_sim_peer_t *this,
        simaka_message_t *message;
        enumerator_t *enumerator;
        simaka_attribute_t type;
-       chunk_t data, id;
+       chunk_t data, id = chunk_empty;
        rng_t *rng;
        bool supported = FALSE;
        simaka_attribute_t id_req = 0;
index 197555838524f309e372aeda6d413c9a38781da8..fbc9daf4f65760e28a9b31f1b3147fcd0e7999a1 100644 (file)
@@ -450,6 +450,7 @@ static status_t process_start(private_eap_sim_server_t *this,
                                this->permanent->destroy(this->permanent);
                                this->permanent = permanent;
                                this->pseudonym = id->clone(id);
+                               /* we already have a new permanent identity now */
                                this->use_permanent = FALSE;
                        }
                }
@@ -482,7 +483,7 @@ static status_t process_start(private_eap_sim_server_t *this,
                        {
                                /* probably received a pseudonym we couldn't map */
                                DBG1(DBG_IKE, "failed to map pseudonym identity '%Y', "
-                                        "fallback to fullauth identity request", this->permanent);
+                                        "fallback to permanent identity request", this->permanent);
                                this->use_pseudonym = FALSE;
                                DESTROY_IF(this->pseudonym);
                                this->pseudonym = NULL;
@@ -513,17 +514,22 @@ static status_t process_start(private_eap_sim_server_t *this,
        message = simaka_message_create(TRUE, this->identifier++, EAP_SIM,
                                                                        SIM_CHALLENGE, this->crypto);
        message->add_attribute(message, AT_RAND, rands);
-       if (this->use_reauth && (id = gen_reauth(this, mk.ptr)))
+       id = gen_reauth(this, mk.ptr);
+       if (id)
        {
                message->add_attribute(message, AT_NEXT_REAUTH_ID,
                                                           id->get_encoding(id));
                id->destroy(id);
        }
-       else if (this->use_pseudonym && (id = gen_pseudonym(this)))
+       else
        {
-               message->add_attribute(message, AT_NEXT_PSEUDONYM,
-                                                          id->get_encoding(id));
-               id->destroy(id);
+               id = gen_pseudonym(this);
+               if (id)
+               {
+                       message->add_attribute(message, AT_NEXT_PSEUDONYM,
+                                                                  id->get_encoding(id));
+                       id->destroy(id);
+               }
        }
        *out = message->generate(message, nonce);
        message->destroy(message);
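Review bot: With the `this->use_reauth &&` and `this->use_pseudonym &&` guards removed, `gen_reauth()` and `gen_pseudonym()` run on every SIM_CHALLENGE, including when `charon.plugins.eap-sim.request_identity` is disabled and the server will never ask for those identities again. `gen_reauth()` is not visible here; if it stores state derived from `mk.ptr`, master-key-derived material is then retained for reauthentication identities that are never requested. If issuing next identities regardless of the option is intended, say so at this spot, e.g. `/* always offer next identities; use_* flags only track what we still request */`. Otherwise gate the block on the configured value, kept in a field that the fallback paths do not clear. The body of process_start begins and ends outside this hunk.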
@@ -717,12 +723,10 @@ eap_sim_server_t *eap_sim_server_create(identification_t *server,
        this->msk = chunk_empty;
        this->counter = chunk_empty;
        this->pending = 0;
-       this->use_reauth = lib->settings->get_bool(lib->settings,
-                                                               "charon.plugins.eap-sim.use_reauth", TRUE);
-       this->use_pseudonym = lib->settings->get_bool(lib->settings,
-                                                               "charon.plugins.eap-sim.use_pseudonym", TRUE);
-       this->use_permanent = lib->settings->get_bool(lib->settings,
-                                                               "charon.plugins.eap-sim.use_permanent", TRUE);
+       this->use_reauth = this->use_pseudonym = this->use_permanent =
+               lib->settings->get_bool(lib->settings,
+                                                               "charon.plugins.eap-sim.request_identity", TRUE);
+
        /* generate a non-zero identifier */
        do {
                this->identifier = random();
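Review bot: The settings `use_reauth`, `use_pseudonym` and `use_permanent` are dropped with no fallback, so a configuration that set, for example, `use_permanent = no` to stop the server from asking for the permanent identity silently reverts to the TRUE default of `request_identity`. If those keys were ever released, read them as the default for the new key or log that they are now ignored. The chained assignment also hides that one switch seeds three flags which process_start later clears individually (`this->use_permanent = FALSE`, `this->use_pseudonym = FALSE`). A comment such as `/* one option seeds all three request flags; they are cleared one by one during fallback */` would make that explicit. eap_sim_server_create continues outside the hunk.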