send an empty EAP Ack client message if TLS was successful and handle it on the server
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 15 Apr 2011 13:02:08 +0000 (15:02 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 15 Apr 2011 13:02:39 +0000 (15:02 +0200)
src/libcharon/plugins/eap_peap/eap_peap_peer.c
src/libcharon/plugins/eap_peap/eap_peap_server.c

index fe071b3..ca2af4f 100644 (file)
@@ -42,11 +42,6 @@ struct private_eap_peap_peer_t {
        identification_t *peer;
 
        /**
-        * Current EAP-PEAP state
-        */
-       bool start_phase2;
-
-       /**
      * Outer phase 1 EAP method
         */
        eap_method_t *ph1_method;
@@ -161,7 +156,6 @@ METHOD(tls_application_t, process, status_t,
                        return NEED_MORE;
                }
                type = this->ph2_method->get_type(this->ph2_method, &vendor);
-               this->start_phase2 = FALSE;
        }
 
        status = this->ph2_method->process(this->ph2_method, in, &this->out);
@@ -198,27 +192,6 @@ METHOD(tls_application_t, build, status_t,
        eap_type_t type;
        u_int32_t vendor;
 
-       if (this->ph2_method == NULL && this->start_phase2)
-       {
-               /* generate an EAP Identity response */
-               this->ph2_method = charon->eap->create_instance(charon->eap, EAP_IDENTITY,
-                                                                0,     EAP_PEER, this->server, this->peer);
-               if (this->ph2_method == NULL)
-               {
-                       DBG1(DBG_IKE, "EAP_IDENTITY method not available");
-                       return FAILED;
-               }
-       
-               /* synchronize EAP message identifiers of inner protocol with outer */
-               this->ph2_method->set_identifier(this->ph2_method,
-                                                       this->ph1_method->get_identifier(this->ph1_method));
-
-               this->ph2_method->process(this->ph2_method, NULL, &this->out);
-               this->ph2_method->destroy(this->ph2_method);
-               this->ph2_method = NULL;
-               this->start_phase2 = FALSE;
-       }
-
        if (this->out)
        {
                code = this->out->get_code(this->out);
@@ -276,7 +249,6 @@ eap_peap_peer_t *eap_peap_peer_create(identification_t *server,
                .server = server->clone(server),
                .peer = peer->clone(peer),
                .ph1_method = eap_method,
-               .start_phase2 = TRUE,
                .avp = eap_peap_avp_create(FALSE),
        );
 
index f8dd8b9..3fabc35 100644 (file)
@@ -52,6 +52,11 @@ struct private_eap_peap_server_t {
        bool start_phase2_tnc;
 
        /**
+        * Starts phase 2 with EAP Identity request
+        */
+       bool start_phase2_id;
+
+       /**
         * Final EAP-PEAP phase2 result
         */
        eap_code_t phase2_result;
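Review bot: The new field's comment `Starts phase 2 with EAP Identity request` reads as a description of an action rather than of what the flag means, and it does not say how the value evolves; from the other hunks in this file it is initialised from the `charon.plugins.eap-peap.phase2_piggyback` setting in eap_peap_server_create() and later set to TRUE in build(). A comment stating the flag's meaning would help the next reader, e.g. `/** TRUE if build() may emit the phase 2 EAP Identity request; starts as the phase2_piggyback setting, TRUE after the first build() */`. The struct definition continues outside this hunk.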
@@ -332,12 +337,12 @@ METHOD(tls_application_t, build, status_t,
        eap_type_t type;
        u_int32_t vendor;
 
-       if (this->ph2_method == NULL && this->start_phase2 &&
-               lib->settings->get_bool(lib->settings,
-                               "charon.plugins.eap-peap.phase2_piggyback", FALSE))
+       if (this->ph2_method == NULL && this->start_phase2 && this->start_phase2_id)
        {
-               /* generate an EAP Identity request which will be piggybacked right
-                * onto the TLS Finished message thus initiating EAP-PEAP phase2
+               /*
+                * Start Phase 2 with an EAP Identity request either piggybacked right
+                * onto the TLS Finished payload or delayed after the reception of an
+                * empty EAP Acknowledge message.
                 */
                this->ph2_method = charon->eap->create_instance(charon->eap, EAP_IDENTITY,
                                                                 0,     EAP_SERVER, this->server, this->peer);
@@ -355,6 +360,8 @@ METHOD(tls_application_t, build, status_t,
                this->ph2_method->initiate(this->ph2_method, &this->out);
                this->start_phase2 = FALSE;
        }
+       
+       this->start_phase2_id = TRUE;
 
        if (this->out)
        {
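Review bot: `this->start_phase2_id = TRUE;` is executed unconditionally at the end of every build() call, so once the first build has run, the EAP Identity request is emitted on the next build regardless of what the peer actually delivered; the comment rewritten in the preceding hunk says the delayed path follows "the reception of an empty EAP Acknowledge message", but nothing in this function checks that such an Ack was received. If the intent is to couple phase 2 start to the Ack, the flag should presumably be set in process() when the empty EAP message is handled (not visible here) rather than here; otherwise the comment should say the request goes out on the build following the TLS Finished payload. The added blank line before the assignment carries trailing whitespace and should be a plain empty line. build() starts and ends outside this hunk.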
@@ -415,6 +422,8 @@ eap_peap_server_t *eap_peap_server_create(identification_t *server,
                .ph1_method = eap_method,
                .start_phase2 = TRUE,
                .start_phase2_tnc = TRUE,
+               .start_phase2_id = lib->settings->get_bool(lib->settings,
+                                                       "charon.plugins.eap-peap.phase2_piggyback", FALSE),
                .phase2_result = EAP_FAILURE,
                .avp = eap_peap_avp_create(TRUE),
        );
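Review bot: The `charon.plugins.eap-peap.phase2_piggyback` setting is now read once in eap_peap_server_create() instead of on every build() (the lines removed in the build hunk above), so a change to the setting only affects EAP-PEAP server instances created afterwards, not sessions already in progress. That is a reasonable per-session semantic, but it is a behaviour change worth stating next to the initializer, e.g. `/* evaluated once per session; a settings reload applies to new sessions only */`.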