authorMartin Willi <martin@revosec.ch>2011-12-15 17:28:58 +0100
committerMartin Willi <martin@revosec.ch>2012-03-20 17:31:24 +0100
commit429d95fef265e1c24da09d4559d7858a9d03467f (patch)
treec01c047015ffa8ee1dbb4adb63d9d9f04e82a25c /src/libcharon/sa/tasks/main_mode.c
parent5762c0efebc31b88ae2e50a3fc7def71be7b3363 (diff)
Send delete if Main Mode authentication fails as initiator
Diffstat (limited to 'src/libcharon/sa/tasks/main_mode.c')
-rw-r--r--src/libcharon/sa/tasks/main_mode.c20
1 files changed, 16 insertions, 4 deletions
diff --git a/src/libcharon/sa/tasks/main_mode.c b/src/libcharon/sa/tasks/main_mode.c
index 525484f6f..5b2cdf77e 100644
--- a/src/libcharon/sa/tasks/main_mode.c
+++ b/src/libcharon/sa/tasks/main_mode.c
@@ -31,6 +31,7 @@
#include <sa/tasks/xauth.h>
#include <sa/tasks/mode_config.h>
#include <sa/tasks/informational.h>
+#include <sa/tasks/isakmp_delete.h>
typedef struct private_main_mode_t private_main_mode_t;
@@ -495,6 +496,17 @@ static status_t send_notify(private_main_mode_t *this, notify_type_t type)
return ALREADY_DONE;
}
+/**
+ * Queue a delete task if authentication failed as initiator
+ */
+static status_t send_delete(private_main_mode_t *this)
+{
+ this->ike_sa->queue_task(this->ike_sa,
+ (task_t*)isakmp_delete_create(this->ike_sa, TRUE));
+ /* cancel all active tasks in favour of informational */
+ return ALREADY_DONE;
+}
+
METHOD(task_t, build_i, status_t,
private_main_mode_t *this, message_t *message)
{
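Review bot: In send_delete the comment `/* cancel all active tasks in favour of informational */` sits after the queue_task call and speaks of an informational task, although the task queued here comes from isakmp_delete_create; it appears to have been carried over from send_notify. It presumably explains the `ALREADY_DONE` return, so I would place it directly above that return and reword it, e.g. `/* cancel all active tasks in favour of the queued delete */`. The doc comment could also say that the function does not check the initiator role itself and relies on being called only from process_i, as the later hunks do.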
@@ -1034,7 +1046,7 @@ METHOD(task_t, process_i, status_t,
if (!id_payload)
{
DBG1(DBG_IKE, "IDir payload missing");
- return send_notify(this, INVALID_PAYLOAD_TYPE);
+ return send_delete(this);
}
id = id_payload->get_identification(id_payload);
if (!id->matches(id, this->other_auth->get(this->other_auth,
@@ -1042,7 +1054,7 @@ METHOD(task_t, process_i, status_t,
{
DBG1(DBG_IKE, "IDir does not match");
id->destroy(id);
- return send_notify(this, INVALID_ID_INFORMATION);
+ return send_delete(this);
}
this->ike_sa->set_other_id(this->ike_sa, id);
@@ -1051,12 +1063,12 @@ METHOD(task_t, process_i, status_t,
message) != SUCCESS)
{
DESTROY_IF(authenticator);
- return send_notify(this, AUTHENTICATION_FAILED);
+ return send_delete(this);
}
authenticator->destroy(authenticator);
if (!check_constraints(this))
{
- return send_notify(this, AUTHENTICATION_FAILED);
+ return send_delete(this);
}
save_auth_cfg(this, FALSE);
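Review bot: The two failure paths in this hunk (`authenticator->process()` not returning SUCCESS, and `check_constraints()` failing) return `send_delete(this)` without a log line of their own, unlike the IDir checks in the two hunks above, which emit a DBG1 first. As far as these hunks show, the initiator no longer sends a notify whose type distinguishes the cases, so the local log is the only record of why the SA was torn down. The callees may already log the reason, which is not visible here. If they do not, add a line such as `DBG1(DBG_IKE, "authentication of responder failed, sending delete");` before each return. process_i starts and ends outside the hunk.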