Copy EAP specific attributes to auth config only

author Martin Willi <martin@revosec.ch>

Mon, 28 Jun 2010 13:41:48 +0000 (15:41 +0200)

committer Martin Willi <martin@revosec.ch>

Mon, 5 Jul 2010 07:41:04 +0000 (09:41 +0200)
author Martin Willi <martin@revosec.ch>
Mon, 28 Jun 2010 13:41:48 +0000 (15:41 +0200)
committer Martin Willi <martin@revosec.ch>
Mon, 5 Jul 2010 07:41:04 +0000 (09:41 +0200)
diff --git a/src/libcharon/sa/authenticators/eap_authenticator.c b/src/libcharon/sa/authenticators/eap_authenticator.c

index 4617c4d..0fbeb63 100644 (file)
--- a/src/libcharon/sa/authenticators/eap_authenticator.c
+++ b/src/libcharon/sa/authenticators/eap_authenticator.c
@@ -220,7 +220,6 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this,
         eap_type_t type, received_type;
         u_int32_t vendor, received_vendor;
         eap_payload_t *out;
-       auth_cfg_t *cfg;
  
         if (in->get_code(in) != EAP_RESPONSE)
         {
@@ -283,12 +282,6 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this,
                         }
                         this->ike_sa->set_condition(this->ike_sa, COND_EAP_AUTHENTICATED,
                                                                                 TRUE);
-                       cfg = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE);
-                       cfg->add(cfg, AUTH_RULE_EAP_TYPE, type);
-                       if (vendor)
-                       {
-                               cfg->add(cfg, AUTH_RULE_EAP_VENDOR, vendor);
-                       }
                         this->eap_complete = TRUE;
                         return eap_payload_create_code(EAP_SUCCESS, in->get_identifier(in));
                 case FAILED:
diff --git a/src/libcharon/sa/tasks/ike_auth.c b/src/libcharon/sa/tasks/ike_auth.c

index a07f967..5df1a26 100644 (file)
--- a/src/libcharon/sa/tasks/ike_auth.c
+++ b/src/libcharon/sa/tasks/ike_auth.c
@@ -527,7 +527,16 @@ static status_t process_r(private_ike_auth_t *this, message_t *message)
                                 }
                                 cand = get_auth_cfg(this, FALSE);
                         }
-                       cfg->merge(cfg, cand, TRUE);
+                       /* copy over the EAP specific rules for authentication */
+                       cfg->add(cfg, AUTH_RULE_EAP_TYPE,
+                                        cand->get(cand, AUTH_RULE_EAP_TYPE));
+                       cfg->add(cfg, AUTH_RULE_EAP_VENDOR,
+                                        cand->get(cand, AUTH_RULE_EAP_VENDOR));
+                       id = (identification_t*)cand->get(cand, AUTH_RULE_EAP_IDENTITY);
+                       if (id)
+                       {
+                               cfg->add(cfg, AUTH_RULE_EAP_IDENTITY, id->clone(id));
+                       }
                 }
  
                 /* verify authentication data */
author	Martin Willi <martin@revosec.ch>
	Mon, 28 Jun 2010 13:41:48 +0000 (15:41 +0200)
committer	Martin Willi <martin@revosec.ch>
	Mon, 5 Jul 2010 07:41:04 +0000 (09:41 +0200)
src/libcharon/sa/authenticators/eap_authenticator.c		patch \| blob \| history
src/libcharon/sa/tasks/ike_auth.c		patch \| blob \| history