Look for an XAuth authentication config both in the first and the second round

author: Martin Willi <martin@revosec.ch> 2011-12-14 09:44:59 +0100
committer: Martin Willi <martin@revosec.ch> 2012-03-20 17:31:21 +0100
commit: d1b986eb4825ea93a9bade30c2c42b76a38e6a0d (patch)
tree: 4079b89ed1a56f1691c68a711ce34caea69a76a8 /src
parent: d548435a02f26cb7d3624349107f8b062d48556e (diff)
download: strongswan-d1b986eb4825ea93a9bade30c2c42b76a38e6a0d.tar.bz2
strongswan-d1b986eb4825ea93a9bade30c2c42b76a38e6a0d.tar.xz
1 files changed, 8 insertions, 4 deletions
diff --git a/src/libcharon/sa/tasks/xauth.c b/src/libcharon/sa/tasks/xauth.c
index 4fd896e3c..58e127aa9 100644
--- a/src/libcharon/sa/tasks/xauth.c
+++ b/src/libcharon/sa/tasks/xauth.c
@@ -93,11 +93,15 @@ static xauth_method_t *load_method(ike_sa_t *ike_sa, bool initiator)
 	peer_cfg = ike_sa->get_peer_cfg(ike_sa);
 	enumerator = peer_cfg->create_auth_cfg_enumerator(peer_cfg, !initiator);
 	if (!enumerator->enumerate(enumerator, &auth) ||
-		!enumerator->enumerate(enumerator, &auth))
+		(uintptr_t)auth->get(auth, AUTH_RULE_AUTH_CLASS) != AUTH_CLASS_XAUTH)
 	{
-		DBG1(DBG_CFG, "no second authentication round found for XAuth");
-		enumerator->destroy(enumerator);
-		return NULL;
+		if (!enumerator->enumerate(enumerator, &auth) ||
+			(uintptr_t)auth->get(auth, AUTH_RULE_AUTH_CLASS) != AUTH_CLASS_XAUTH)
+		{
+			DBG1(DBG_CFG, "no XAuth authentication round found");
+			enumerator->destroy(enumerator);
+			return NULL;
+		}
 	}
 	name = auth->get(auth, AUTH_RULE_XAUTH_BACKEND);
 	enumerator->destroy(enumerator);
author	Martin Willi <martin@revosec.ch>	2011-12-14 09:44:59 +0100
committer	Martin Willi <martin@revosec.ch>	2012-03-20 17:31:21 +0100
commit	d1b986eb4825ea93a9bade30c2c42b76a38e6a0d (patch)
tree	4079b89ed1a56f1691c68a711ce34caea69a76a8 /src
parent	d548435a02f26cb7d3624349107f8b062d48556e (diff)
download	strongswan-d1b986eb4825ea93a9bade30c2c42b76a38e6a0d.tar.bz2 strongswan-d1b986eb4825ea93a9bade30c2c42b76a38e6a0d.tar.xz