Initiate full authentication if reauthentication identity is unknown

author: Martin Willi <martin@strongswan.org> 2009-10-28 16:04:45 +0100
committer: Martin Willi <martin@strongswan.org> 2009-11-12 10:34:01 +0100
commit: 2dbac2ab9c4d40c63bd5dc71cbd08d48d6dcd277 (patch)
tree: 49ebc806e1ab7ea5a83fb666cb5f24db0ca66bd7 /src
parent: edcb2dd35b9d94435837af4dbed068f2046fb24e (diff)
download: strongswan-2dbac2ab9c4d40c63bd5dc71cbd08d48d6dcd277.tar.bz2
strongswan-2dbac2ab9c4d40c63bd5dc71cbd08d48d6dcd277.tar.xz
1 files changed, 6 insertions, 1 deletions
diff --git a/src/charon/plugins/eap_sim/eap_sim_server.c b/src/charon/plugins/eap_sim/eap_sim_server.c
index 2ea6e1e2b..197555838 100644
--- a/src/charon/plugins/eap_sim/eap_sim_server.c
+++ b/src/charon/plugins/eap_sim/eap_sim_server.c
@@ -419,7 +419,7 @@ static status_t process_start(private_eap_sim_server_t *this,
 		snprintf(buf, sizeof(buf), "%.*s", identity.len, identity.ptr);
 		id = identification_create_from_string(buf);
 
-		if (this->use_reauth)
+		if (this->use_reauth && !nonce.len)
 		{
 			char mk[HASH_SIZE_SHA1];
 			u_int16_t counter;
@@ -434,6 +434,11 @@ static status_t process_start(private_eap_sim_server_t *this,
 				this->reauth = id;
 				return reauthenticate(this, mk, counter, out);
 			}
+			DBG1(DBG_IKE, "received unknown reauthentication identity '%Y', "
+				 "initiating full authentication", id);
+			this->use_reauth = FALSE;
+			id->destroy(id);
+			return initiate(this, out);
 		}
 		if (this->use_pseudonym)
 		{
author	Martin Willi <martin@strongswan.org>	2009-10-28 16:04:45 +0100
committer	Martin Willi <martin@strongswan.org>	2009-11-12 10:34:01 +0100
commit	2dbac2ab9c4d40c63bd5dc71cbd08d48d6dcd277 (patch)
tree	49ebc806e1ab7ea5a83fb666cb5f24db0ca66bd7 /src
parent	edcb2dd35b9d94435837af4dbed068f2046fb24e (diff)
download	strongswan-2dbac2ab9c4d40c63bd5dc71cbd08d48d6dcd277.tar.bz2 strongswan-2dbac2ab9c4d40c63bd5dc71cbd08d48d6dcd277.tar.xz