From: Martin Willi <martin@strongswan.org>
Date: Wed, 28 Oct 2009 15:04:45 +0000 (+0100)
Subject: Initiate full authentication if reauthentication identity is unknown
X-Git-Tag: 4.3.6~218
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2dbac2ab9c4d40c63bd5dc71cbd08d48d6dcd277;p=thirdparty%2Fstrongswan.git

Initiate full authentication if reauthentication identity is unknown
---

diff --git a/src/charon/plugins/eap_sim/eap_sim_server.c b/src/charon/plugins/eap_sim/eap_sim_server.c
index 2ea6e1e2b2..1975558385 100644
--- a/src/charon/plugins/eap_sim/eap_sim_server.c
+++ b/src/charon/plugins/eap_sim/eap_sim_server.c
@@ -419,7 +419,7 @@ static status_t process_start(private_eap_sim_server_t *this,
 		snprintf(buf, sizeof(buf), "%.*s", identity.len, identity.ptr);
 		id = identification_create_from_string(buf);
 
-		if (this->use_reauth)
+		if (this->use_reauth && !nonce.len)
 		{
 			char mk[HASH_SIZE_SHA1];
 			u_int16_t counter;
@@ -434,6 +434,11 @@ static status_t process_start(private_eap_sim_server_t *this,
 				this->reauth = id;
 				return reauthenticate(this, mk, counter, out);
 			}
+			DBG1(DBG_IKE, "received unknown reauthentication identity '%Y', "
+				 "initiating full authentication", id);
+			this->use_reauth = FALSE;
+			id->destroy(id);
+			return initiate(this, out);
 		}
 		if (this->use_pseudonym)
 		{