send proper AUTHENTICATION_FAILED if EAP method is successful, but AUTH mismatches
authorMartin Willi <martin@strongswan.org>
Tue, 10 Feb 2009 17:21:44 +0000 (17:21 -0000)
committerMartin Willi <martin@strongswan.org>
Tue, 10 Feb 2009 17:21:44 +0000 (17:21 -0000)
src/charon/sa/tasks/ike_auth.c

index 2e40534..ad16217 100644 (file)
@@ -336,6 +336,12 @@ static status_t build_auth_eap(private_ike_auth_t *this, message_t *message)
        authenticator_t *auth;
        auth_payload_t *auth_payload;
        
+       if (!this->initiator && !this->peer_authenticated)
+       {
+               message->add_notify(message, TRUE, AUTHENTICATION_FAILED, chunk_empty);
+               return FAILED;
+       }
+       
        auth = (authenticator_t*)this->eap_auth;
        if (auth->build(auth, this->my_packet->get_data(this->my_packet),
                this->other_nonce, &auth_payload) != SUCCESS)
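Review bot: The added guard at the top of build_auth_eap() is the responder's fail-closed gate against completing IKE_AUTH with a peer whose AUTH did not verify, yet it has no comment and writes no log, so the rejection leaves no local trace. I would put a comment above the `if`, for example `/* EAP method succeeded but the peer's AUTH payload did not verify: fail closed */`. Unless the code that leaves `peer_authenticated` unset already logs the mismatch (not visible in this hunk), I would also add a `DBG1(DBG_IKE, ...)` line before `add_notify` so operators can tie the AUTHENTICATION_FAILED notify to its cause. The check is only sound if `peer_authenticated` starts out false and is set solely after successful AUTH verification, and the initiator side is presumably handled elsewhere; both lie outside the hunk and are worth confirming. The body of build_auth_eap() continues past the last line shown.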