author | Yves-Alexis Perez <corsac@debian.org> | 2013-08-25 15:37:27 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2013-08-25 15:37:27 +0200 |
commit | c7307e752d8f47c68f834e22ee2ce0a14a70e695 (patch) | |
tree | fbb442a20ab54aad511b46a070e65b8d09c22791 /src/libcharon/sa/ikev2/tasks/ike_auth.c | |
parent | f74c6d77c3efb529e7403eeef0613c061eb895b3 (diff) | |
parent | 6b99c8d9cff7b3e8ae8f3204b99e7ea40f791349 (diff) | |
Merge tag 'upstream/5.1.0'
Upstream version 5.1.0
Diffstat (limited to 'src/libcharon/sa/ikev2/tasks/ike_auth.c')
-rw-r--r-- | src/libcharon/sa/ikev2/tasks/ike_auth.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c
index 942f97cf5..8f83c4884 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
@@ -852,6 +852,33 @@ local_auth_failed:
 return FAILED;
 }
+/**
+ * Send an INFORMATIONAL message with an AUTH_FAILED before closing IKE_SA
+ */
+static void send_auth_failed_informational(private_ike_auth_t *this,
+ message_t *reply)
+{
+ message_t *message;
+ packet_t *packet;
+ host_t *host;
+
+ message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
+ message->set_message_id(message, reply->get_message_id(reply) + 1);
+ host = this->ike_sa->get_my_host(this->ike_sa);
+ message->set_source(message, host->clone(host));
+ host = this->ike_sa->get_other_host(this->ike_sa);
+ message->set_destination(message, host->clone(host));
+ message->set_exchange_type(message, INFORMATIONAL);
+ message->add_notify(message, FALSE, AUTHENTICATION_FAILED, chunk_empty);
+
+ if (this->ike_sa->generate_message(this->ike_sa, message,
+ &packet) == SUCCESS)
+ {
+ charon->sender->send(charon->sender, packet);
+ }
+ message->destroy(message);
+}
+
 METHOD(task_t, process_i, status_t,
 private_ike_auth_t *this, message_t *message)
 {
@@ -908,6 +935,7 @@ METHOD(task_t, process_i, status_t,
 DBG1(DBG_IKE, "received %N notify error",
 notify_type_names, type);
 enumerator->destroy(enumerator);
+ charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED);
 return FAILED;
 }
 DBG2(DBG_IKE, "received %N notify",
@@ -1004,6 +1032,7 @@ METHOD(task_t, process_i, status_t,
 break;
 default:
 charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED);
+ send_auth_failed_informational(this, message);
 return FAILED;
 }
 }
@@ -1048,6 +1077,7 @@ METHOD(task_t, process_i, status_t,
 peer_auth_failed:
 charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
+ send_auth_failed_informational(this, message);
 return FAILED;
 } |
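Review bot: A failed `generate_message()` in `send_auth_failed_informational()` is dropped without any trace, and on success the packet is handed to the sender once with no visible retransmission, so the peer may never learn that the exchange was aborted. Log the failure branch, for example `else { DBG1(DBG_IKE, "unable to generate AUTHENTICATION_FAILED informational"); }`, so an operator can tell "notify sent" from "notify never left the host". The doc comment should also say that `reply` is the received IKE_AUTH response, that its message ID plus one is used for the new request, and that delivery is best-effort. This applies to both call sites added in the later hunks (the `default:` branch and `peer_auth_failed:`).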
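Review bot: The added `ALERT_LOCAL_AUTH_FAILED` is raised for every notify type that reaches this branch, while the type itself only goes to the `DBG1` log. The case label that selects the branch is outside the hunk, so whether errors unrelated to authentication can land here cannot be confirmed from these lines; if they can, alert listeners would count them as local authentication failures. The notify is presumably processed before the peer has been authenticated, so consumers of the alert should treat it as peer-reported. A comment above the call, such as `/* error notify reported by the peer in the IKE_AUTH response; raised as local auth failure */`, would record that.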