{
auth_cfg_t *cfg;
- if (lib->settings->get_bool(lib->settings, "charon.flush_auth_cfg", TRUE))
+ if (lib->settings->get_bool(lib->settings, "charon.flush_auth_cfg", FALSE))
{
while (this->my_auths->remove_last(this->my_auths,
(void**)&cfg) == SUCCESS)
}
/**
+ * Implementation of ike_sa_t.get_other_eap_id.
+ */
+static identification_t* get_other_eap_id(private_ike_sa_t *this)
+{
+ identification_t *id = NULL, *current;
+ enumerator_t *enumerator;
+ auth_cfg_t *cfg;
+
+ enumerator = this->other_auths->create_enumerator(this->other_auths);
+ while (enumerator->enumerate(enumerator, &cfg))
+ {
+ /* prefer EAP-Identity of last round */
+ current = cfg->get(cfg, AUTH_RULE_EAP_IDENTITY);
+ if (!current || current->get_type(current) == ID_ANY)
+ {
+ current = cfg->get(cfg, AUTH_RULE_IDENTITY);
+ }
+ if (current && current->get_type(current) != ID_ANY)
+ {
+ id = current;
+ continue;
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (id)
+ {
+ return id;
+ }
+ return this->other_id;
+}
+
+/**
* Implementation of ike_sa_t.set_other_id.
*/
static void set_other_id(private_ike_sa_t *this, identification_t *other)
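Review bot: The doc comment on get_other_eap_id names only the interface method it implements, while the function returns a pointer obtained from an auth_cfg_t in this->other_auths (or this->other_id) after the enumerator is destroyed, so the caller receives a borrowed reference. I would say so in the comment, for example `* Returns the peer's last non-ID_ANY EAP-Identity (else IKE identity) from the auth rounds, or other_id; the result is owned by the IKE_SA and must not be destroyed by the caller.` Its lifetime is presumably tied to the auth configs, which is worth stating too. The `continue;` at the end of the second `if` is the last statement of the loop body and can be dropped. The old helper's `/* fallback, should not happen */` remark on the other_id path was lost in the move and is worth keeping, since that path now also decides which identity the address pool is keyed with.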
if (this->peer_cfg && this->peer_cfg->get_pool(this->peer_cfg))
{
hydra->attributes->release_address(hydra->attributes,
- this->peer_cfg->get_pool(this->peer_cfg),
- this->other_virtual_ip, this->other_id);
+ this->peer_cfg->get_pool(this->peer_cfg),
+ this->other_virtual_ip, get_other_eap_id(this));
}
this->other_virtual_ip->destroy(this->other_virtual_ip);
}
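Review bot: The release call on the `get_other_eap_id(this)` line recomputes the identity at teardown instead of reusing the one the address was handed out under, so it matches only while this->other_auths still holds the same authentication rounds. The first hunk changes just the default of `charon.flush_auth_cfg`, and the option can still be enabled. If the flush also empties other_auths (only my_auths is visible here), get_other_eap_id falls back to this->other_id, and the pool would be asked to release under a different identity than build_r presumably acquired with, which could leave the lease reserved. Either store the identity used at acquire time in the IKE_SA and pass that here, or record the dependency next to the option lookup, e.g. `/* keep auth cfgs by default: the EAP identity is needed again when releasing the virtual IP */`. The enclosing function starts and ends outside this hunk.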
this->public.set_my_id = (void (*)(ike_sa_t*,identification_t*)) set_my_id;
this->public.get_other_id = (identification_t* (*)(ike_sa_t*)) get_other_id;
this->public.set_other_id = (void (*)(ike_sa_t*,identification_t*)) set_other_id;
+ this->public.get_other_eap_id = (identification_t* (*)(ike_sa_t*)) get_other_eap_id;
this->public.enable_extension = (void(*)(ike_sa_t*, ike_extension_t extension))enable_extension;
this->public.supports_extension = (bool(*)(ike_sa_t*, ike_extension_t extension))supports_extension;
this->public.set_condition = (void (*)(ike_sa_t*, ike_condition_t,bool)) set_condition;
}
/**
- * Find a peer (EAP) identity to query provider for attributes
- */
-static identification_t *get_peer_identity(private_ike_config_t *this)
-{
- identification_t *id = NULL, *current;
- enumerator_t *enumerator;
- auth_cfg_t *cfg;
-
- enumerator = this->ike_sa->create_auth_cfg_enumerator(this->ike_sa, FALSE);
- while (enumerator->enumerate(enumerator, &cfg))
- {
- /* prefer EAP-Identity of last round */
- current = cfg->get(cfg, AUTH_RULE_EAP_IDENTITY);
- if (!current || current->get_type(current) == ID_ANY)
- {
- current = cfg->get(cfg, AUTH_RULE_IDENTITY);
- }
- if (current && current->get_type(current) != ID_ANY)
- {
- id = current;
- continue;
- }
- }
- enumerator->destroy(enumerator);
- if (!id)
- { /* fallback, should not happen */
- id = this->ike_sa->get_other_id(this->ike_sa);
- }
- return id;
-}
-
-/**
* Implementation of task_t.build for responder
*/
static status_t build_r(private_ike_config_t *this, message_t *message)
peer_cfg_t *config;
identification_t *id;
- id = get_peer_identity(this);
+ id = this->ike_sa->get_other_eap_id(this->ike_sa);
config = this->ike_sa->get_peer_cfg(this->ike_sa);
if (config && this->virtual_ip)