Copy EAP specific attributes to auth config only
authorMartin Willi <martin@revosec.ch>
Mon, 28 Jun 2010 13:41:48 +0000 (15:41 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 5 Jul 2010 07:41:04 +0000 (09:41 +0200)
src/libcharon/sa/authenticators/eap_authenticator.c
src/libcharon/sa/tasks/ike_auth.c

index 4617c4d..0fbeb63 100644 (file)
@@ -220,7 +220,6 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this,
        eap_type_t type, received_type;
        u_int32_t vendor, received_vendor;
        eap_payload_t *out;
-       auth_cfg_t *cfg;
 
        if (in->get_code(in) != EAP_RESPONSE)
        {
@@ -283,12 +282,6 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this,
                        }
                        this->ike_sa->set_condition(this->ike_sa, COND_EAP_AUTHENTICATED,
                                                                                TRUE);
-                       cfg = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE);
-                       cfg->add(cfg, AUTH_RULE_EAP_TYPE, type);
-                       if (vendor)
-                       {
-                               cfg->add(cfg, AUTH_RULE_EAP_VENDOR, vendor);
-                       }
                        this->eap_complete = TRUE;
                        return eap_payload_create_code(EAP_SUCCESS, in->get_identifier(in));
                case FAILED:
index a07f967..5df1a26 100644 (file)
@@ -527,7 +527,16 @@ static status_t process_r(private_ike_auth_t *this, message_t *message)
                                }
                                cand = get_auth_cfg(this, FALSE);
                        }
-                       cfg->merge(cfg, cand, TRUE);
+                       /* copy over the EAP specific rules for authentication */
+                       cfg->add(cfg, AUTH_RULE_EAP_TYPE,
+                                        cand->get(cand, AUTH_RULE_EAP_TYPE));
+                       cfg->add(cfg, AUTH_RULE_EAP_VENDOR,
+                                        cand->get(cand, AUTH_RULE_EAP_VENDOR));
+                       id = (identification_t*)cand->get(cand, AUTH_RULE_EAP_IDENTITY);
+                       if (id)
+                       {
+                               cfg->add(cfg, AUTH_RULE_EAP_IDENTITY, id->clone(id));
+                       }
                }
 
                /* verify authentication data */
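Review bot: The two `cfg->add` calls for `AUTH_RULE_EAP_TYPE` and `AUTH_RULE_EAP_VENDOR` pass on whatever `cand->get` returns without any check, whereas the code this commit removes from `server_process_eap` added the vendor rule only under `if (vendor)` and only after the method had succeeded. The values now come from the selected config `cand`, apparently before the EAP exchange completes, so they describe what is expected rather than what was authenticated. The comment could say so, e.g. `/* copy the configured EAP constraints from cand; not yet verified by an EAP exchange */`, so that readers of the IKE_SA auth config do not treat these rules as proof of a completed method. The result of `get` is used as a pointer two lines later (cast to `identification_t*`), while the removed calls passed the integer `type` and `vendor` to the same variadic `add`; if `add` reads these rules as integers, an explicit cast at the call site would keep the argument types matched, which should be confirmed against `add`'s implementation, not shown on this page. The loop that selects `cand` (including whether it can be NULL here) and the declaration of `id` are outside the hunk.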