]> git.ipfire.org Git - thirdparty/strongswan.git/commitdiff
projects / thirdparty / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4536e66)
Invoke the per-round authorize() hook before purging current auth info on IKE_SA
authorMartin Willi <martin@revosec.ch>
Thu, 3 Feb 2011 12:31:11 +0000 (13:31 +0100)
committerMartin Willi <martin@revosec.ch>
Thu, 3 Feb 2011 16:08:39 +0000 (17:08 +0100)
src/libcharon/sa/tasks/ike_auth.c patch | blob | blame | history

diff --git a/src/libcharon/sa/tasks/ike_auth.c b/src/libcharon/sa/tasks/ike_auth.c
index 03394dd5c88e3bdb21f05a973feda0e2f30dc528..0756c7d603b9a21ad10402cf5a236ad606dca567 100644 (file)
--- a/src/libcharon/sa/tasks/ike_auth.c
+++ b/src/libcharon/sa/tasks/ike_auth.c
@@ -621,11 +621,6 @@ METHOD(task_t, process_r, status_t,
                this->initial_contact = TRUE;
        }
 
-       /* store authentication information */
-       cfg = auth_cfg_create();
-       cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, FALSE), FALSE);
-       this->ike_sa->add_auth_cfg(this->ike_sa, FALSE, cfg);
-
        /* another auth round done, invoke authorize hook */
        if (!charon->bus->authorize(charon->bus, FALSE))
        {
@@ -634,6 +629,11 @@ METHOD(task_t, process_r, status_t,
                return NEED_MORE;
        }
 
+       /* store authentication information */
+       cfg = auth_cfg_create();
+       cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, FALSE), FALSE);
+       this->ike_sa->add_auth_cfg(this->ike_sa, FALSE, cfg);
+
        if (!update_cfg_candidates(this, FALSE))
        {
                this->authentication_failed = TRUE;
@@ -949,17 +949,17 @@ METHOD(task_t, process_i, status_t,
                        this->other_auth->destroy(this->other_auth);
                        this->other_auth = NULL;
                }
-               /* store authentication information, reset authenticator */
-               cfg = auth_cfg_create();
-               cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, FALSE), FALSE);
-               this->ike_sa->add_auth_cfg(this->ike_sa, FALSE, cfg);
-
                /* another auth round done, invoke authorize hook */
                if (!charon->bus->authorize(charon->bus, FALSE))
                {
                        DBG1(DBG_IKE, "authorization forbids IKE_SA, cancelling");
                        return FAILED;
                }
+
+               /* store authentication information, reset authenticator */
+               cfg = auth_cfg_create();
+               cfg->merge(cfg, this->ike_sa->get_auth_cfg(this->ike_sa, FALSE), FALSE);
+               this->ike_sa->add_auth_cfg(this->ike_sa, FALSE, cfg);
        }
 
        if (this->my_auth)
Unnamed repository; edit this file 'description' to name the repository.