author | Andreas Steffen <andreas.steffen@strongswan.org> | 2010-08-16 18:30:29 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2010-08-16 18:30:41 +0200 |
commit | 9ba53310ee357c68a6964dd23c1e52468baa7f1b (patch) | |
tree | 735aeafb0d95fec0535c0e78863882072ccb98b5 /src | |
parent | f2b9b9725c4c2d662de3d89b4eb50772d2a1c965 (diff) | |
download | strongswan-9ba53310ee357c68a6964dd23c1e52468baa7f1b.tar.bz2 strongswan-9ba53310ee357c68a6964dd23c1e52468baa7f1b.tar.xz |
implemented server-initiated phase2 of EAP-TTLS authentication
Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/plugins/eap_ttls/eap_ttls_peer.c | 36 | ||||
-rw-r--r-- | src/libcharon/plugins/eap_ttls/eap_ttls_server.c | 31 |
2 files changed, 52 insertions, 15 deletions
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
index b47ed938d..b675d9ab4 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
@@ -133,22 +133,30 @@ METHOD(tls_application_t, process, status_t,
 return FAILED;
 }
- if (this->method->process(this->method, in, &this->out) == NEED_MORE)
- {
- in->destroy(in);
- return NEED_MORE;
- }
+ status = this->method->process(this->method, in, &this->out);
+ in->destroy(in);
- if (vendor)
- {
- DBG1(DBG_IKE, "vendor specific EAP method %d-%d failed", type, vendor);
- }
- else
+ switch (status)
 {
- DBG1(DBG_IKE, "%N method failed", eap_type_names, type);
- }
- in->destroy(in);
- return FAILED;
+ case SUCCESS:
+ this->method->destroy(this->method);
+ this->method = NULL;
+ /* fall through to NEED_MORE since response must be sent */
+ case NEED_MORE:
+ return NEED_MORE;
+ case FAILED:
+ default:
+ if (vendor)
+ {
+ DBG1(DBG_IKE, "vendor specific EAP method %d-%d failed",
+ type, vendor);
+ }
+ else
+ {
+ DBG1(DBG_IKE, "%N method failed", eap_type_names, type);
+ }
+ return FAILED;
+ }
 }
 METHOD(tls_application_t, build, status_t,
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_server.c b/src/libcharon/plugins/eap_ttls/eap_ttls_server.c
index 45fc79460..8401f85b2 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_server.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_server.c
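Review bot: Once `case SUCCESS:` sets `this->method = NULL` and returns NEED_MORE, any further EAP message the server hands to process() would call `this->method->process` through a NULL pointer unless the code above the hunk already rejects `this->method == NULL`; only the trailing `return FAILED; }` of that preceding check is visible here, so confirm it also covers the post-success state, otherwise add `if (this->method == NULL) { in->destroy(in); return FAILED; }` before the process() call. The vendor-aware failure logging added here is repeated verbatim in the eap_ttls_server.c process() hunk of this commit; a small shared helper would keep the two in step. The body of process() starts outside the hunk.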
@@ -201,12 +201,23 @@ METHOD(tls_application_t, process, status_t,
 DBG1(DBG_IKE, "%N phase2 authentication of '%Y' with %N successful",
 eap_type_names, EAP_TTLS, this->peer, eap_type_names, type);
+ this->method->destroy(this->method);
+ this->method = NULL;
 break;
 case NEED_MORE:
 break;
 case FAILED:
 default:
- DBG1(DBG_IKE, "%N method failed", eap_type_names, type);
+ if (vendor)
+ {
+ DBG1(DBG_IKE, "vendor specific EAP method %d-%d failed",
+ type, vendor);
+ }
+ else
+ {
+ DBG1(DBG_IKE, "%N method failed", eap_type_names, type);
+ }
+ return FAILED;
 }
 return status;
 }
@@ -219,6 +230,24 @@ METHOD(tls_application_t, build, status_t,
 eap_type_t type;
 u_int32_t vendor;
+ if (this->method == NULL && this->start_phase2 &&
+ lib->settings->get_bool(lib->settings,
+ "charon.plugins.eap-ttls.phase2_piggyback", FALSE))
+ {
+ /* generate an EAP Identity request which will be piggybacked right
+ * onto the TLS Finished message thus initiating EAP-TTLS phase2
+ */
+ this->method = charon->eap->create_instance(charon->eap, EAP_IDENTITY,
+ 0, EAP_SERVER, this->server, this->peer);
+ if (this->method == NULL)
+ {
+ DBG1(DBG_IKE, "EAP_IDENTITY method not available");
+ return FAILED;
+ }
+ this->method->initiate(this->method, &this->out);
+ this->start_phase2 = FALSE;
+ }
 if (this->out)
 {
 code = this->out->get_code(this->out); |
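Review bot: The `case FAILED:`/`default:` branch now returns FAILED directly, so an unexpected status value is reported as failure rather than passed through `return status;`, but unlike the SUCCESS branch it leaves `this->method` allocated and non-NULL. If the TLS layer does not tear the application object down right after a FAILED result, release the method here the same way the SUCCESS branch does, `this->method->destroy(this->method); this->method = NULL;`, so a failed phase2 cannot be resumed with a half-finished method. The enclosing process() starts outside the hunk.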
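Review bot: The status returned by `this->method->initiate(this->method, &this->out)` is discarded; initiate() reports failure through its return value, and if it fails here `this->out` may stay unset while the freshly created method is kept, so the piggybacked phase2 start silently degrades into an empty build. Check it like the create_instance result two lines above: `if (this->method->initiate(this->method, &this->out) != NEED_MORE)`, log the failure and `return FAILED;`. The new `charon.plugins.eap-ttls.phase2_piggyback` setting is not documented anywhere in this commit; a one-line entry in the plugin's strongswan.conf description stating that it defaults to no would help operators. The `start_phase2` flag is consumed here but initialised outside the hunk, as is the rest of build().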