XAUTH interoperability with Cisco
authorAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 29 Jan 2007 07:43:34 +0000 (07:43 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 29 Jan 2007 07:43:34 +0000 (07:43 -0000)
src/pluto/constants.h
src/pluto/demux.c
src/pluto/modecfg.c

index 34cae3c..b096f5e 100644 (file)
@@ -554,8 +554,8 @@ enum state_kind {
 #define IS_ISAKMP_SA_ESTABLISHED(s) (        \
                   (s) == STATE_MAIN_R3      \
                || (s) == STATE_MAIN_I4      \
-               || (s) == STATE_XAUTH_R3     \
                || (s) == STATE_XAUTH_I2     \
+               || (s) == STATE_XAUTH_R3     \
                || (s) == STATE_MODE_CFG_R1  \
                || (s) == STATE_MODE_CFG_I2  \
                || (s) == STATE_MODE_CFG_I3  \
index 1f47daf..7e59b18 100644 (file)
@@ -443,7 +443,7 @@ static const struct state_microcode state_microcode_table[] = {
     , EVENT_RETRANSMIT, xauth_inI0 },
 
     { STATE_XAUTH_R1, STATE_XAUTH_R2
-    , SMF_ALL_AUTH | SMF_ENCRYPTED | SMF_REPLY
+    , SMF_ALL_AUTH | SMF_ENCRYPTED
     , P(ATTR) | P(HASH), P(VID), PT(HASH)
     , EVENT_RETRANSMIT, xauth_inR1 },
 
@@ -1552,6 +1552,15 @@ process_packet(struct msg_digest **mdp)
 
            set_cur_state(st);
 
+           /* the XAUTH_STATUS message might have a new msgid */
+           if (st->st_state == STATE_XAUTH_I1)
+           {
+               init_phase2_iv(st, &md->hdr.isa_msgid);
+               new_iv_set = TRUE;
+               from_state = st->st_state;
+               break;
+           }
+
            if (!IS_ISAKMP_SA_ESTABLISHED(st->st_state))
            {
                loglog(RC_LOG_SERIOUS, "ModeCfg message is unacceptable because"
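Review bot: The new `STATE_XAUTH_I1` branch takes the message ID for `init_phase2_iv()` straight from the received header (`md->hdr.isa_msgid`) and then `break`s out before the `IS_ISAKMP_SA_ESTABLISHED` test and whatever other checks follow it in this case arm. Nothing visible in the hunk constrains that peer-chosen value (non-zero, not already in use by another exchange on this SA), so the branch relies on later decryption and HASH verification to reject a forged or replayed packet. That presumably holds only if the XAUTH_I1 microcode entry requires `SMF_ENCRYPTED` and `P(HASH)`, like the XAUTH_R1 entry shown in this commit. I would extend the comment to say so, e.g. `/* XAUTH_I1 is not yet "established": accept a new msgid here; the packet is still decrypted and HASH-checked via the state's microcode entry */`, and consider rejecting a msgid that is already in use before the IV is derived. process_packet starts and ends outside the hunk, so the earlier header checks are not visible here.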
index 1725adc..ab44a11 100644 (file)
@@ -910,6 +910,7 @@ xauth_inI0(struct msg_digest *md)
     if (stat == STF_OK)
     {
        st->st_xauth.started = TRUE;
+       st->st_msgid = 0;
        return STF_OK;
     }
     else
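Review bot: The added `st->st_msgid = 0;` in the `STF_OK` branch has no comment, and its reason is not evident from xauth_inI0 itself. It presumably pairs with the new `STATE_XAUTH_I1` branch in process_packet, which expects the following XAUTH status message to arrive with a new message ID. If that is the intent, say it at the assignment, e.g. `/* forget the request's msgid: the XAUTH status may use a new one (see process_packet) */`. xauth_inI0 starts above the hunk and continues past it.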
@@ -988,11 +989,8 @@ xauth_inR1(struct msg_digest *md)
 
     plog("sending XAUTH status:");
 
-    stat_build = modecfg_build_msg(st, &md->rbody
-                                    , ISAKMP_CFG_SET
-                                    , &ia
-                                    , isama_id);
-     if (stat_build != STF_OK)
+    stat_build = modecfg_send_msg(st, ISAKMP_CFG_SET, &ia);
+    if (stat_build != STF_OK)
        return stat_build;
     return STF_OK;
 }
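Review bot: xauth_inR1 now transmits the XAUTH status itself through `modecfg_send_msg()` instead of building it into `md->rbody`, which is only correct while the `STATE_XAUTH_R1` entry in `state_microcode_table` has no `SMF_REPLY` (dropped in the same commit); neither place records that dependency. A one-line comment above the call would keep the two from drifting apart, e.g. `/* sent directly, not via md->rbody: the STATE_XAUTH_R1 microcode entry must not set SMF_REPLY */`. That entry still lists `EVENT_RETRANSMIT`, so it is worth confirming that `modecfg_send_msg()` keeps the packet for retransmission, which this page does not show. The tail can also shrink to `return modecfg_send_msg(st, ISAKMP_CFG_SET, &ia);`, since both branches return the same status. The function starts above the hunk, so check whether `stat_build` and `isama_id` are left unused.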