ikev2: raise LOCAL_AUTH_FAILED when receiving INFORMATIONAL with AUTH_FAILED
authorMartin Willi <martin@revosec.ch>
Fri, 17 May 2013 08:36:40 +0000 (10:36 +0200)
committerMartin Willi <martin@revosec.ch>
Tue, 11 Jun 2013 13:54:26 +0000 (15:54 +0200)
src/libcharon/sa/ikev2/tasks/ike_delete.c

index f127b0c..9bc62bf 100644 (file)
@@ -109,6 +109,14 @@ METHOD(task_t, process_r, status_t,
                 this->ike_sa->get_other_host(this->ike_sa),
                 this->ike_sa->get_other_id(this->ike_sa));
 
+       if (message->get_exchange_type(message) == INFORMATIONAL &&
+               message->get_notify(message, AUTHENTICATION_FAILED))
+       {
+               /* a late AUTHENTICATION_FAILED notify from the initiator after
+                * we have established the IKE_SA: signal auth failure */
+               charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED);
+       }
+
        switch (this->ike_sa->get_state(this->ike_sa))
        {
                case IKE_ESTABLISHED:
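Review bot: The new alert at the top of the hunk fires in every IKE_SA state, because the AUTHENTICATION_FAILED check sits before the `switch` on `get_state()` although its comment describes only the established case. If the alert is meant for that case alone, add `this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED &&` to the condition or move the check under `case IKE_ESTABLISHED:`. Whether the other states can see this notify is not visible here, as process_r starts and ends outside the hunk. The notify is also a claim made by the peer rather than something verified locally, so listeners that count or act on ALERT_LOCAL_AUTH_FAILED should be told that; the comment could add `/* peer-reported failure: nothing was verified locally */`.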