authorMartin Willi <martin@strongswan.org>2007-11-20 12:06:40 +0000
committerMartin Willi <martin@strongswan.org>2007-11-20 12:06:40 +0000
commitee61471113c2eac23324c5e8a4b5843ca0679e09 (patch)
tree7a5dd0afac8e9b70d596f544bdc896bdb9757b2f /src/charon/sa/tasks/ike_auth.c
parent7b36b734a4db879802c48b640db176d03add01e6 (diff)
implemented RFC4478 (repeated authentication)
changed %V printf handler to take a time delta, %#V now takes two arguments
Diffstat (limited to 'src/charon/sa/tasks/ike_auth.c')
-rw-r--r--src/charon/sa/tasks/ike_auth.c27
1 files changed, 27 insertions, 0 deletions
diff --git a/src/charon/sa/tasks/ike_auth.c b/src/charon/sa/tasks/ike_auth.c
index a3cd6a2bc..0a9aef217 100644
--- a/src/charon/sa/tasks/ike_auth.c
+++ b/src/charon/sa/tasks/ike_auth.c
@@ -298,6 +298,23 @@ static status_t collect_other_init_data(private_ike_auth_t *this, message_t *mes
}
/**
+ * add the AUTH_LIFETIME notify to the message
+ */
+static void add_auth_lifetime(private_ike_auth_t *this, message_t *message)
+{
+ chunk_t chunk;
+ u_int32_t lifetime;
+
+ lifetime = this->ike_sa->get_statistic(this->ike_sa, STAT_REAUTH_TIME);
+ if (lifetime)
+ {
+ chunk = chunk_from_thing(lifetime);
+ *(u_int32_t*)chunk.ptr = htonl(lifetime);
+ message->add_notify(message, FALSE, AUTH_LIFETIME, chunk);
+ }
+}
+
+/**
* Implementation of task_t.build to create AUTH payload from EAP data
*/
static status_t build_auth_eap(private_ike_auth_t *this, message_t *message)
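Review bot: The chunk handed to `add_notify` in `add_auth_lifetime` points at the stack variable `lifetime`, so the helper is only correct if `add_notify` copies the data before returning, which this hunk does not show. The doc comment should state that, and also that no notify is added when the reauth time is 0 and that the value is sent as four bytes in network order. The write through the cast is also roundabout: `lifetime = htonl(lifetime);` followed by `chunk = chunk_from_thing(lifetime);` produces the same bytes without storing through a casted alias of the local.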
@@ -326,6 +343,7 @@ static status_t build_auth_eap(private_ike_auth_t *this, message_t *message)
this->ike_sa->get_my_host(this->ike_sa),
this->ike_sa->get_other_host(this->ike_sa),
this->ike_sa->get_other_id(this->ike_sa));
+ add_auth_lifetime(this, message);
return SUCCESS;
}
return NEED_MORE;
@@ -520,6 +538,7 @@ static status_t process_r(private_ike_auth_t *this, message_t *message)
break;
case NOT_FOUND:
/* use EAP if no AUTH payload found */
+ this->ike_sa->set_condition(this->ike_sa, COND_EAP_AUTHENTICATED, TRUE);
this->eap_auth = eap_authenticator_create(this->ike_sa);
break;
default:
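Review bot: `COND_EAP_AUTHENTICATED` is set to TRUE in the `NOT_FOUND` branch at the moment the EAP authenticator is created, before any EAP exchange has run. If code elsewhere reads this condition as proof of a completed authentication, which the name invites, it would be true for a peer that has only omitted its AUTH payload. Either set it where EAP success is established, or document the meaning here, for example `/* marks EAP as the selected method; the peer is not authenticated yet */`. Whether the flag is cleared when EAP fails is not visible, since `process_r` starts and ends outside this hunk.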
@@ -581,6 +600,7 @@ static status_t build_r(private_ike_auth_t *this, message_t *message)
this->ike_sa->get_my_host(this->ike_sa),
this->ike_sa->get_other_host(this->ike_sa),
this->ike_sa->get_other_id(this->ike_sa));
+ add_auth_lifetime(this, message);
return SUCCESS;
}
@@ -645,6 +665,13 @@ static status_t process_i(private_ike_auth_t *this, message_t *message)
case ADDITIONAL_IP6_ADDRESS:
/* handled in ike_mobike task */
break;
+ case AUTH_LIFETIME:
+ {
+ chunk_t data = notify->get_notification_data(notify);
+ u_int32_t lifetime = ntohl(*(u_int32_t*)data.ptr);
+ this->ike_sa->set_auth_lifetime(this->ike_sa, lifetime);
+ break;
+ }
default:
{
if (type < 16383)
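Review bot: The new `AUTH_LIFETIME` case dereferences `data.ptr` as a `u_int32_t` without checking `data.len`, so a notify from the peer with fewer than four bytes of data (or none, where the pointer may be NULL) leads to an out-of-bounds read or a NULL dereference. RFC 4478 defines the notification data as exactly four octets, so the case should check the length and ignore the notify otherwise: `if (data.len == sizeof(lifetime)) { memcpy(&lifetime, data.ptr, sizeof(lifetime)); this->ike_sa->set_auth_lifetime(this->ike_sa, ntohl(lifetime)); }`. Copying with `memcpy` also avoids a misaligned load if the payload buffer is not 4-byte aligned. `process_i` starts and ends outside this hunk, so whether the peer is already authenticated when this notify is handled cannot be seen here.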