From: Martin Willi <martin@revosec.ch>
Date: Fri, 17 May 2013 08:36:40 +0000 (+0200)
Subject: ikev2: raise LOCAL_AUTH_FAILED when receiving INFORMATIONAL with AUTH_FAILED
X-Git-Tag: 5.1.0dr1~123^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ff3fff4dc9e06009197f657d426752d9893153ea;p=thirdparty%2Fstrongswan.git

ikev2: raise LOCAL_AUTH_FAILED when receiving INFORMATIONAL with AUTH_FAILED
---

diff --git a/src/libcharon/sa/ikev2/tasks/ike_delete.c b/src/libcharon/sa/ikev2/tasks/ike_delete.c
index f127b0c150..9bc62bf2a8 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_delete.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_delete.c
@@ -109,6 +109,14 @@ METHOD(task_t, process_r, status_t,
 		 this->ike_sa->get_other_host(this->ike_sa),
 		 this->ike_sa->get_other_id(this->ike_sa));
 
+	if (message->get_exchange_type(message) == INFORMATIONAL &&
+		message->get_notify(message, AUTHENTICATION_FAILED))
+	{
+		/* a late AUTHENTICATION_FAILED notify from the initiator after
+		 * we have established the IKE_SA: signal auth failure */
+		charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED);
+	}
+
 	switch (this->ike_sa->get_state(this->ike_sa))
 	{
 		case IKE_ESTABLISHED: