Throw an alert via bus_t when remote authentication fails.
authorTobias Brunner <tobias@strongswan.org>
Wed, 10 Aug 2011 13:17:40 +0000 (15:17 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 12 Aug 2011 07:59:27 +0000 (09:59 +0200)
src/libcharon/bus/bus.h
src/libcharon/sa/tasks/ike_auth.c

index dacbac8..1b4d856 100644 (file)
@@ -80,10 +80,12 @@ typedef struct bus_t bus_t;
  * Kind of alerts to raise.
  */
 enum alert_t {
-       /* a RADIUS server did not respond, no additional arguments */
+       /** a RADIUS server did not respond, no additional arguments */
        ALERT_RADIUS_NOT_RESPONDING,
-       /* a shutdown signal has been received, argument is a int with the signal */
+       /** a shutdown signal has been received, argument is the signal (int) */
        ALERT_SHUTDOWN_SIGNAL,
+       /** responder authentication failed, no arguments */
+       ALERT_RESPONDER_AUTH_FAILED,
 };
 
 /**
index 0756c7d..f52f17a 100644 (file)
@@ -908,7 +908,7 @@ METHOD(task_t, process_i, status_t,
                        if (!id_payload)
                        {
                                DBG1(DBG_IKE, "IDr payload missing");
-                               return FAILED;
+                               goto remote_auth_failed;
                        }
                        id = id_payload->get_identification(id_payload);
                        get_reserved_id_bytes(this, id_payload);
@@ -926,7 +926,7 @@ METHOD(task_t, process_i, status_t,
                                                                this->reserved);
                                if (!this->other_auth)
                                {
-                                       return FAILED;
+                                       goto remote_auth_failed;
                                }
                        }
                        else
@@ -944,7 +944,7 @@ METHOD(task_t, process_i, status_t,
                                case NEED_MORE:
                                        return NEED_MORE;
                                default:
-                                       return FAILED;
+                                       goto remote_auth_failed;
                        }
                        this->other_auth->destroy(this->other_auth);
                        this->other_auth = NULL;
@@ -953,7 +953,7 @@ METHOD(task_t, process_i, status_t,
                if (!charon->bus->authorize(charon->bus, FALSE))
                {
                        DBG1(DBG_IKE, "authorization forbids IKE_SA, cancelling");
-                       return FAILED;
+                       goto remote_auth_failed;
                }
 
                /* store authentication information, reset authenticator */
@@ -978,7 +978,7 @@ METHOD(task_t, process_i, status_t,
                        case NEED_MORE:
                                break;
                        default:
-                               return FAILED;
+                               goto remote_auth_failed;
                }
        }
        if (mutual_eap)
@@ -986,7 +986,7 @@ METHOD(task_t, process_i, status_t,
                if (!this->my_auth || !this->my_auth->is_mutual(this->my_auth))
                {
                        DBG1(DBG_IKE, "do not allow non-mutual EAP-only authentication");
-                       return FAILED;
+                       goto remote_auth_failed;
                }
                DBG1(DBG_IKE, "allow mutual EAP-only authentication");
        }
@@ -999,12 +999,13 @@ METHOD(task_t, process_i, status_t,
        {
                if (!update_cfg_candidates(this, TRUE))
                {
-                       return FAILED;
+                       goto remote_auth_failed;
                }
                if (!charon->bus->authorize(charon->bus, TRUE))
                {
-                       DBG1(DBG_IKE, "final authorization hook forbids IKE_SA, cancelling");
-                       return FAILED;
+                       DBG1(DBG_IKE, "final authorization hook forbids IKE_SA, "
+                                             "cancelling");
+                       goto remote_auth_failed;
                }
                DBG0(DBG_IKE, "IKE_SA %s[%d] established between %H[%Y]...%H[%Y]",
                         this->ike_sa->get_name(this->ike_sa),
@@ -1018,6 +1019,10 @@ METHOD(task_t, process_i, status_t,
                return SUCCESS;
        }
        return NEED_MORE;
+
+remote_auth_failed:
+       charon->bus->alert(charon->bus, ALERT_RESPONDER_AUTH_FAILED);
+       return FAILED;
 }
 
 METHOD(task_t, get_type, task_type_t,