On Thu, Oct 19, 2017 at 10:38:57AM -0400, Andrew Cagney wrote:
> where it sends out the AUTH reply (an st_event), and a short while later
> sends out an XAUTH request (an st_send_xauth_event, recent changes mean it
> is generated from scratch and doesn't replace the AUTH reply?).
>
> With this, the problem I'm seeing is that when the initiator comes back
> with its XAUTH reply, the responder, in xauth_launch_authent() needs to
> cancel both the RETRANSMIT and the SEND_XAUTH but it only cancels the first
> and only when PAM. This lets SEND_XAUTH fire repeatedly and even after PAM
> finishes and the final reply sent, and its code uses change_state() to
> bludgeon the state back to XAUTH_R0 resulting in much confusion.

Here is a fix that comes to my mind. I am hoping this works for aggressive mode and main mode.

-antony

>From 2fe40fd8f9b9583f5712a8fd01905fd751490070 Mon Sep 17 00:00:00 2001 From: Antony Antony <[email protected]> Date: Thu, 19 Oct 2017 19:33:38 +0000 Subject: [PATCH] xauth: cancel pending EVENT_v1_SEND_XAUTH IKEv1 responder, when an xauth response arrive cancel the pending EVENT_v1_SEND_XAUTH --- programs/pluto/ikev1_xauth.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/programs/pluto/ikev1_xauth.c b/programs/pluto/ikev1_xauth.c index 233572c1f..2316448b9 100644 --- a/programs/pluto/ikev1_xauth.c +++ b/programs/pluto/ikev1_xauth.c @@ -1177,6 +1177,8 @@ static int xauth_launch_authent(struct state *st, ikev1_xauth_callback); delete_event(st); event_schedule(EVENT_PAM_TIMEOUT, EVENT_PAM_TIMEOUT_DELAY, st); + + delete_state_event(st, &st->st_send_xauth_event); break; #endif case XAUTHBY_FILE: -- 2.13.5
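
Review bot: the added delete_state_event(st, &st->st_send_xauth_event) call sits directly before the break that is followed by #endif, so it runs only for that one authentication branch (the one that schedules EVENT_PAM_TIMEOUT) and only when that conditional block is compiled in; the patch adds no matching call for the XAUTHBY_FILE case that follows. The commit message says the pending EVENT_v1_SEND_XAUTH should be cancelled when an xauth response arrives, which is independent of the authentication method, so consider moving the call out of the switch so that every case cancels it. The extra blank "+" line before the call can be dropped, and a short comment saying why the event is cancelled here would help the next reader.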
