send proper AUTHENTICATION_FAILED if EAP method is successful, but AUTH mismatches

author: Martin Willi <martin@strongswan.org> 2009-02-10 17:21:44 +0000
committer: Martin Willi <martin@strongswan.org> 2009-02-10 17:21:44 +0000
commit: 95f1735f876cd8d4939350877eaf56b4902d9cbb (patch)
tree: 2e194385a2432ae842be7205e8bec5cb7216811f /src/charon/sa
parent: 04a7a1c309fc8b84de3ddcde79052486c463a7e7 (diff)
download: strongswan-95f1735f876cd8d4939350877eaf56b4902d9cbb.tar.bz2
strongswan-95f1735f876cd8d4939350877eaf56b4902d9cbb.tar.xz
1 files changed, 6 insertions, 0 deletions
diff --git a/src/charon/sa/tasks/ike_auth.c b/src/charon/sa/tasks/ike_auth.c
index 2e405348c..ad1621714 100644
--- a/src/charon/sa/tasks/ike_auth.c
+++ b/src/charon/sa/tasks/ike_auth.c
@@ -336,6 +336,12 @@ static status_t build_auth_eap(private_ike_auth_t *this, message_t *message)
 	authenticator_t *auth;
 	auth_payload_t *auth_payload;
 	
+	if (!this->initiator && !this->peer_authenticated)
+	{
+		message->add_notify(message, TRUE, AUTHENTICATION_FAILED, chunk_empty);
+		return FAILED;
+	}
+	
 	auth = (authenticator_t*)this->eap_auth;
 	if (auth->build(auth, this->my_packet->get_data(this->my_packet),
 		this->other_nonce, &auth_payload) != SUCCESS)
author	Martin Willi <martin@strongswan.org>	2009-02-10 17:21:44 +0000
committer	Martin Willi <martin@strongswan.org>	2009-02-10 17:21:44 +0000
commit	95f1735f876cd8d4939350877eaf56b4902d9cbb (patch)
tree	2e194385a2432ae842be7205e8bec5cb7216811f /src/charon/sa
parent	04a7a1c309fc8b84de3ddcde79052486c463a7e7 (diff)
download	strongswan-95f1735f876cd8d4939350877eaf56b4902d9cbb.tar.bz2 strongswan-95f1735f876cd8d4939350877eaf56b4902d9cbb.tar.xz