Use client identities from successful authentications, only
authorAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 12 Aug 2013 06:25:48 +0000 (08:25 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 15 Aug 2013 21:34:23 +0000 (23:34 +0200)
src/libpttls/pt_tls_server.c

index fd5d952..78937b1 100644 (file)
@@ -112,33 +112,27 @@ static status_t process_sasl(private_pt_tls_server_t *this,
                                                         sasl_mechanism_t *sasl, chunk_t data)
 {
        bio_writer_t *writer;
-       status_t status;
        identification_t *client;
        tnccs_t *tnccs;
 
-       status = sasl->process(sasl, data);
-       if (status != NEED_MORE)
-       {
-               client = sasl->get_client(sasl);
-               if (client)
-               {
-                       DBG1(DBG_TNC, "SASL client identity is '%Y'", client);
-                       this->tnccs->set_peer_id(this->tnccs, client);
-                       if (streq(sasl->get_name(sasl), "PLAIN"))
-                       {
-                               tnccs = (tnccs_t*)this->tnccs;
-                               tnccs->set_auth_type(tnccs, TNC_AUTH_PASSWORD);
-                       }
-               }
-       }
-
-       switch (status)
+       switch (sasl->process(sasl, data))
        {
                case NEED_MORE:
                        return NEED_MORE;
                case SUCCESS:
                        DBG1(DBG_TNC, "SASL %s authentication successful",
                                 sasl->get_name(sasl));
+                       client = sasl->get_client(sasl);
+                       if (client)
+                       {
+                               DBG1(DBG_TNC, "SASL client identity is '%Y'", client);
+                               this->tnccs->set_peer_id(this->tnccs, client);
+                               if (streq(sasl->get_name(sasl), "PLAIN"))
+                               {
+                                       tnccs = (tnccs_t*)this->tnccs;
+                                       tnccs->set_auth_type(tnccs, TNC_AUTH_PASSWORD);
+                               }
+                       }
                        writer = bio_writer_create(1);
                        writer->write_uint8(writer, PT_TLS_SASL_RESULT_SUCCESS);
                        if (pt_tls_write(this->tls, writer, PT_TLS_SASL_RESULT,
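Review bot: In the `case SUCCESS:` branch a NULL return from `sasl->get_client(sasl)` is skipped without any trace, so the server goes on to build the `PT_TLS_SASL_RESULT_SUCCESS` message although no identity was passed to `set_peer_id`. Whether a mechanism can succeed without an identity is not visible in this hunk. If it can, an `else { DBG1(DBG_TNC, "SASL %s authentication provided no client identity", sasl->get_name(sasl)); }` would at least make the case auditable, and policy may want it treated as a failure. A short comment above the `get_client` call, such as `/* the client identity is trusted only once the mechanism reports SUCCESS */`, would record why the lookup lives inside this case and keep a later refactor from hoisting it back above the switch. The body of `process_sasl` continues past the end of the hunk, so the remaining cases were not reviewed.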