From: Martin Willi <martin@revosec.ch>
Date: Thu, 15 Dec 2011 10:01:35 +0000 (+0100)
Subject: Save authentication info collected during main mode authentication
X-Git-Tag: 5.0.0~338^2~9^2~201
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ac3bc42e639ad70fe650257b3926b57e08b0f696;p=thirdparty%2Fstrongswan.git

Save authentication info collected during main mode authentication
---

diff --git a/src/libcharon/sa/tasks/main_mode.c b/src/libcharon/sa/tasks/main_mode.c
index f2b16b1fd4..89f63b789e 100644
--- a/src/libcharon/sa/tasks/main_mode.c
+++ b/src/libcharon/sa/tasks/main_mode.c
@@ -332,7 +332,28 @@ static auth_method_t get_auth_method(private_main_mode_t *this,
 	{
 		return AUTH_HYBRID_INIT_RSA;
 	}
-	return AUTH_NONE;;
+	return AUTH_NONE;
+}
+
+/**
+ * Save authentication information after authentication succeeded
+ */
+static void save_auth_cfg(private_main_mode_t *this, bool local)
+{
+	auth_cfg_t *auth;
+	bool initiator;
+
+	initiator = local == this->initiator;
+	if ((initiator && this->auth_method == AUTH_HYBRID_INIT_RSA) ||
+		(!initiator && this->auth_method == AUTH_HYBRID_RESP_RSA))
+	{	/* peer not authenticated in main mode with hybrid methods */
+		return;
+	}
+	auth = auth_cfg_create();
+	/* for local config, we _copy_ entires from the config, as it contains
+	 * certificates we must send later. */
+	auth->merge(auth, this->ike_sa->get_auth_cfg(this->ike_sa, local), local);
+	this->ike_sa->add_auth_cfg(this->ike_sa, local, auth);
 }
 
 /**
@@ -560,6 +581,7 @@ METHOD(task_t, build_i, status_t,
 				return FAILED;
 			}
 			authenticator->destroy(authenticator);
+			save_auth_cfg(this, TRUE);
 
 			this->state = MM_AUTH;
 			return NEED_MORE;
@@ -678,6 +700,7 @@ METHOD(task_t, process_r, status_t,
 				return send_notify(this, AUTHENTICATION_FAILED, chunk_empty);
 			}
 			authenticator->destroy(authenticator);
+			save_auth_cfg(this, FALSE);
 
 			this->state = MM_AUTH;
 			if (has_notify_errors(this, message))
@@ -877,6 +900,7 @@ METHOD(task_t, build_r, status_t,
 				return FAILED;
 			}
 			authenticator->destroy(authenticator);
+			save_auth_cfg(this, TRUE);
 
 			if (this->peer_cfg->get_virtual_ip(this->peer_cfg))
 			{
@@ -994,6 +1018,7 @@ METHOD(task_t, process_i, status_t,
 				return FAILED;
 			}
 			authenticator->destroy(authenticator);
+			save_auth_cfg(this, FALSE);
 
 			switch (this->auth_method)
 			{