Encode EAP-Naks in expanded format if we got an expanded type request

Since methods defined by the IETF (vendor ID 0) could also be encoded in
expanded type format the previous check was insufficient.

diff --git a/src/libcharon/encoding/payloads/eap_payload.c b/src/libcharon/encoding/payloads/eap_payload.c
index 15a9972..855504f 100644 (file)
--- a/src/libcharon/encoding/payloads/eap_payload.c
+++ b/src/libcharon/encoding/payloads/eap_payload.c
@@ -241,6 +241,12 @@ METHOD(eap_payload_t, get_type, eap_type_t,
        return 0;
 }
 
+METHOD(eap_payload_t, is_expanded, bool,
+       private_eap_payload_t *this)
+{
+       return this->data.len > 4 ? this->data.ptr[4] == EAP_EXPANDED : FALSE;
+}
+
 METHOD2(payload_t, eap_payload_t, destroy, void,
        private_eap_payload_t *this)
 {
@@ -272,6 +278,7 @@ eap_payload_t *eap_payload_create()
                        .get_code = _get_code,
                        .get_identifier = _get_identifier,
                        .get_type = _get_type,
+                       .is_expanded = _is_expanded,
                        .destroy = _destroy,
                },
                .next_payload = NO_PAYLOAD,

diff --git a/src/libcharon/encoding/payloads/eap_payload.h b/src/libcharon/encoding/payloads/eap_payload.h
index d3c3fae..9349832 100644 (file)
--- a/src/libcharon/encoding/payloads/eap_payload.h
+++ b/src/libcharon/encoding/payloads/eap_payload.h
@@ -83,6 +83,13 @@ struct eap_payload_t {
        eap_type_t (*get_type) (eap_payload_t *this, u_int32_t *vendor);
 
        /**
+        * Check if the EAP method type is encoded in the Expanded Type format.
+        *
+        * @return                      TRUE if in Expanded Type format
+        */
+       bool (*is_expanded) (eap_payload_t *this);
+
+       /**
         * Destroys an eap_payload_t object.
         */
        void (*destroy) (eap_payload_t *this);
@@ -129,8 +136,7 @@ eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier);
  * @param identifier   EAP identifier to use in payload
  * @param type                 preferred auth type, 0 to send all supported types
  * @param vendor               vendor identifier for auth type, 0 for default
- * @param expanded             TRUE to send an expanded Nak (as response to an expanded
- *                                             request, i.e. one with vendor specific type)
+ * @param expanded             TRUE to send an expanded Nak
  * @return                             eap_payload_t object
  */
 eap_payload_t *eap_payload_create_nak(u_int8_t identifier, eap_type_t type,

diff --git a/src/libcharon/plugins/eap_peap/eap_peap_peer.c b/src/libcharon/plugins/eap_peap/eap_peap_peer.c
index 5e19726..79fd667 100644 (file)
--- a/src/libcharon/plugins/eap_peap/eap_peap_peer.c
+++ b/src/libcharon/plugins/eap_peap/eap_peap_peer.c
@@ -152,7 +152,7 @@ METHOD(tls_application_t, process, status_t,
                {
                        DBG1(DBG_IKE, "EAP method not supported");
                        this->out = eap_payload_create_nak(in->get_identifier(in), 0, 0,
-                                                                                          received_vendor != 0);
+                                                                                          in->is_expanded(in));
                        in->destroy(in);
                        return NEED_MORE;
                }

diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
index 811fe05..00a4da3 100644 (file)
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
@@ -193,7 +193,7 @@ METHOD(tls_application_t, process, status_t,
                {
                        DBG1(DBG_IKE, "EAP method not supported");
                        this->out = eap_payload_create_nak(in->get_identifier(in), 0, 0,
-                                                                                          received_vendor != 0);
+                                                                                          in->is_expanded(in));
                        in->destroy(in);
                        return NEED_MORE;
                }

diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
index c9178d0..a340c04 100644 (file)
--- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
@@ -404,14 +404,14 @@ static eap_payload_t* client_process_eap(private_eap_authenticator_t *this,
                                         eap_type_names, conf_type);
                        }
                        return eap_payload_create_nak(in->get_identifier(in), conf_type,
-                                                                                 conf_vendor, vendor != 0);
+                                                                                 conf_vendor, in->is_expanded(in));
                }
                this->method = load_method(this, type, vendor, EAP_PEER);
                if (!this->method)
                {
                        DBG1(DBG_IKE, "EAP method not supported, sending EAP_NAK");
                        return eap_payload_create_nak(in->get_identifier(in), 0, 0,
-                                                                                 vendor != 0);
+                                                                                 in->is_expanded(in));
                }
        }