send proper AUTHENTICATION_FAILED if EAP method is successful, but AUTH mismatches

author Martin Willi <martin@strongswan.org>

Tue, 10 Feb 2009 17:21:44 +0000 (17:21 -0000)

committer Martin Willi <martin@strongswan.org>

Tue, 10 Feb 2009 17:21:44 +0000 (17:21 -0000)
author Martin Willi <martin@strongswan.org>
Tue, 10 Feb 2009 17:21:44 +0000 (17:21 -0000)
committer Martin Willi <martin@strongswan.org>
Tue, 10 Feb 2009 17:21:44 +0000 (17:21 -0000)
diff --git a/src/charon/sa/tasks/ike_auth.c b/src/charon/sa/tasks/ike_auth.c

index 2e40534..ad16217 100644 (file)
--- a/src/charon/sa/tasks/ike_auth.c
+++ b/src/charon/sa/tasks/ike_auth.c
@@ -336,6 +336,12 @@ static status_t build_auth_eap(private_ike_auth_t *this, message_t *message)
         authenticator_t *auth;
         auth_payload_t *auth_payload;
         
+       if (!this->initiator && !this->peer_authenticated)
+       {
+               message->add_notify(message, TRUE, AUTHENTICATION_FAILED, chunk_empty);
+               return FAILED;
+       }
+       
         auth = (authenticator_t*)this->eap_auth;
         if (auth->build(auth, this->my_packet->get_data(this->my_packet),
                 this->other_nonce, &auth_payload) != SUCCESS)
author	Martin Willi <martin@strongswan.org>
	Tue, 10 Feb 2009 17:21:44 +0000 (17:21 -0000)
committer	Martin Willi <martin@strongswan.org>
	Tue, 10 Feb 2009 17:21:44 +0000 (17:21 -0000)