use identifiers in EAP_SUCCESS/EAP_FAILURE payloads
authorMartin Willi <martin@strongswan.org>
Mon, 4 Feb 2008 11:43:10 +0000 (11:43 -0000)
committerMartin Willi <martin@strongswan.org>
Mon, 4 Feb 2008 11:43:10 +0000 (11:43 -0000)
src/charon/encoding/payloads/eap_payload.c
src/charon/encoding/payloads/eap_payload.h
src/charon/sa/authenticators/eap_authenticator.c

index 345114a..da2498c 100644 (file)
@@ -312,13 +312,13 @@ eap_payload_t *eap_payload_create_data(chunk_t data)
 /*
  * Described in header
  */
-eap_payload_t *eap_payload_create_code(eap_code_t code)
+eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier)
 {
        eap_payload_t *this = eap_payload_create();
        chunk_t data = chunk_alloca(4);
        
        *(data.ptr + 0) = code;
-       *(data.ptr + 1) = 0;
+       *(data.ptr + 1) = identifier;
        *(u_int16_t*)(data.ptr + 2) = htons(data.len);
        
        this->set_data(this, data);
@@ -328,13 +328,13 @@ eap_payload_t *eap_payload_create_code(eap_code_t code)
 /*
  * Described in header
  */
-eap_payload_t *eap_payload_create_nak()
+eap_payload_t *eap_payload_create_nak(u_int8_t identifier)
 {
        eap_payload_t *this = eap_payload_create();
        chunk_t data = chunk_alloca(5);
        
        *(data.ptr + 0) = EAP_RESPONSE;
-       *(data.ptr + 1) = 0;
+       *(data.ptr + 1) = identifier;
        *(u_int16_t*)(data.ptr + 2) = htons(data.len);
        *(data.ptr + 4) = EAP_NAK;
        
index 3addbb8..e4f8663 100644 (file)
@@ -132,19 +132,22 @@ eap_payload_t *eap_payload_create_data(chunk_t data);
  * Could should be either EAP_SUCCESS/EAP_FAILURE, use 
  * constructor above otherwise.
  *
- * @return eap_payload_t object
+ * @param code                 EAP status code
+ * @param identifier   EAP identifier to use in payload
+ * @return                             eap_payload_t object
  *
  * @ingroup payloads
  */
-eap_payload_t *eap_payload_create_code(eap_code_t code);
+eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier);
 
 /**
  * @brief Creates an eap_payload_t EAP_RESPONSE containing an EAP_NAK.
  *
- * @return eap_payload_t object
+ * @param identifier   EAP identifier to use in payload
+ * @return                             eap_payload_t object
  *
  * @ingroup payloads
  */
-eap_payload_t *eap_payload_create_nak();
+eap_payload_t *eap_payload_create_nak(u_int8_t identifier);
 
 #endif /* EAP_PAYLOAD_H_ */
index 6250604..edd75da 100644 (file)
@@ -147,7 +147,7 @@ static status_t initiate(private_eap_authenticator_t *this, eap_type_t type,
        {
                DBG1(DBG_IKE,
                         "client requested EAP authentication, but configuration forbids it");
-               *out = eap_payload_create_code(EAP_FAILURE);
+               *out = eap_payload_create_code(EAP_FAILURE, 0);
                return FAILED;
        }
        
@@ -169,14 +169,14 @@ static status_t initiate(private_eap_authenticator_t *this, eap_type_t type,
 
                DBG1(DBG_IKE, "configured EAP server method not supported, sending %N",
                         eap_code_names, EAP_FAILURE);
-               *out = eap_payload_create_code(EAP_FAILURE);
+               *out = eap_payload_create_code(EAP_FAILURE, 0);
                return FAILED;
        }
        if (this->method->initiate(this->method, out) != NEED_MORE)
        {
                DBG1(DBG_IKE, "failed to initiate EAP exchange, sending %N",
                         eap_type_names, type, eap_code_names, EAP_FAILURE);
-               *out = eap_payload_create_code(EAP_FAILURE);
+               *out = eap_payload_create_code(EAP_FAILURE, 0);
                return FAILED;  
        }
        return NEED_MORE;
@@ -234,7 +234,7 @@ static status_t process_peer(private_eap_authenticator_t *this,
                {
                        DBG1(DBG_IKE, "EAP server requested unsupported "
                                 "EAP method, sending EAP_NAK");
-                       *out = eap_payload_create_nak();
+                       *out = eap_payload_create_nak(in->get_identifier(in));
                        return NEED_MORE;
                }
        }
@@ -303,7 +303,7 @@ static status_t process_server(private_eap_authenticator_t *this,
                                DBG1(DBG_IKE, "EAP method %N succeded, %sMSK established",
                                         eap_type_names, type, this->msk.ptr ? "" : "no ");
                        }
-                       *out = eap_payload_create_code(EAP_SUCCESS);
+                       *out = eap_payload_create_code(EAP_SUCCESS, in->get_identifier(in));
                        return SUCCESS;
                case FAILED:
                default:
@@ -319,7 +319,7 @@ static status_t process_server(private_eap_authenticator_t *this,
                                         eap_type_names, type,
                                         this->ike_sa->get_other_id(this->ike_sa));
                        }
-                       *out = eap_payload_create_code(EAP_FAILURE);
+                       *out = eap_payload_create_code(EAP_FAILURE, in->get_identifier(in));
                        return FAILED;
        }
 }
@@ -346,7 +346,8 @@ static status_t process(private_eap_authenticator_t *this, eap_payload_t *in,
                                {
                                        DBG1(DBG_IKE, "received %N, sending %N",
                                                 eap_code_names, code, eap_code_names, EAP_FAILURE);
-                                       *out = eap_payload_create_code(EAP_FAILURE);
+                                       *out = eap_payload_create_code(EAP_FAILURE,
+                                                                                                  in->get_identifier(in));
                                        return FAILED;
                                }
                        }