Add basic support for XAuth responder authentication
authorMartin Willi <martin@revosec.ch>
Thu, 14 Jun 2012 14:13:10 +0000 (16:13 +0200)
committerMartin Willi <martin@revosec.ch>
Wed, 27 Jun 2012 09:42:56 +0000 (11:42 +0200)
src/libcharon/sa/ikev1/tasks/aggressive_mode.c
src/libcharon/sa/ikev1/tasks/main_mode.c

index 1b6ccc5..d6ed9aa 100644 (file)
@@ -303,8 +303,9 @@ METHOD(task_t, build_i, status_t,
                                case AUTH_XAUTH_RESP_PSK:
                                case AUTH_XAUTH_RESP_RSA:
                                case AUTH_HYBRID_RESP_RSA:
-                                       /* TODO-IKEv1: not yet */
-                                       return FAILED;
+                                       this->ike_sa->queue_task(this->ike_sa,
+                                                                       (task_t*)xauth_create(this->ike_sa, TRUE));
+                                       return SUCCESS;
                                default:
                                        if (charon->ike_sa_manager->check_uniqueness(
                                                                charon->ike_sa_manager, this->ike_sa, FALSE))
@@ -476,8 +477,8 @@ METHOD(task_t, process_r, status_t,
                                case AUTH_XAUTH_RESP_PSK:
                                case AUTH_XAUTH_RESP_RSA:
                                case AUTH_HYBRID_RESP_RSA:
-                                       /* TODO-IKEv1: not yet supported */
-                                       return FAILED;
+                                       /* wait for XAUTH request */
+                                       return SUCCESS;
                                default:
                                        if (charon->ike_sa_manager->check_uniqueness(
                                                                charon->ike_sa_manager, this->ike_sa, FALSE))
index 11bdc1d..a65b3a6 100644 (file)
@@ -505,8 +505,8 @@ METHOD(task_t, build_r, status_t,
                                case AUTH_XAUTH_RESP_PSK:
                                case AUTH_XAUTH_RESP_RSA:
                                case AUTH_HYBRID_RESP_RSA:
-                                       /* TODO-IKEv1: not yet supported */
-                                       return FAILED;
+                                       /* wait for XAUTH request */
+                                       return SUCCESS;
                                default:
                                        if (charon->ike_sa_manager->check_uniqueness(
                                                                charon->ike_sa_manager, this->ike_sa, FALSE))
@@ -634,8 +634,9 @@ METHOD(task_t, process_i, status_t,
                                case AUTH_XAUTH_RESP_PSK:
                                case AUTH_XAUTH_RESP_RSA:
                                case AUTH_HYBRID_RESP_RSA:
-                                       /* TODO-IKEv1: not yet */
-                                       return FAILED;
+                                       this->ike_sa->queue_task(this->ike_sa,
+                                                                       (task_t*)xauth_create(this->ike_sa, TRUE));
+                                       return SUCCESS;
                                default:
                                        if (charon->ike_sa_manager->check_uniqueness(
                                                                charon->ike_sa_manager, this->ike_sa, FALSE))