ikev2: raise LOCAL_AUTH_FAILED when receiving INFORMATIONAL with AUTH_FAILED

author: Martin Willi <martin@revosec.ch> 2013-05-17 10:36:40 +0200
committer: Martin Willi <martin@revosec.ch> 2013-06-11 15:54:26 +0200
commit: ff3fff4dc9e06009197f657d426752d9893153ea (patch)
tree: 5c320b7520d0c0fdd45bb095b9316add774f7666
parent: ca74bf7a06d0ecc87f7e0d5704714b487fed0abd (diff)
download: strongswan-ff3fff4dc9e06009197f657d426752d9893153ea.tar.bz2
strongswan-ff3fff4dc9e06009197f657d426752d9893153ea.tar.xz
1 files changed, 8 insertions, 0 deletions
diff --git a/src/libcharon/sa/ikev2/tasks/ike_delete.c b/src/libcharon/sa/ikev2/tasks/ike_delete.c
index f127b0c15..9bc62bf2a 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_delete.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_delete.c
@@ -109,6 +109,14 @@ METHOD(task_t, process_r, status_t,
 		 this->ike_sa->get_other_host(this->ike_sa),
 		 this->ike_sa->get_other_id(this->ike_sa));
 
+	if (message->get_exchange_type(message) == INFORMATIONAL &&
+		message->get_notify(message, AUTHENTICATION_FAILED))
+	{
+		/* a late AUTHENTICATION_FAILED notify from the initiator after
+		 * we have established the IKE_SA: signal auth failure */
+		charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED);
+	}
+
 	switch (this->ike_sa->get_state(this->ike_sa))
 	{
 		case IKE_ESTABLISHED:
author	Martin Willi <martin@revosec.ch>	2013-05-17 10:36:40 +0200
committer	Martin Willi <martin@revosec.ch>	2013-06-11 15:54:26 +0200
commit	ff3fff4dc9e06009197f657d426752d9893153ea (patch)
tree	5c320b7520d0c0fdd45bb095b9316add774f7666
parent	ca74bf7a06d0ecc87f7e0d5704714b487fed0abd (diff)
download	strongswan-ff3fff4dc9e06009197f657d426752d9893153ea.tar.bz2 strongswan-ff3fff4dc9e06009197f657d426752d9893153ea.tar.xz