We added two AUTHENTICATION_FAILED notifications: one for the case where the peer used an unexpected authentication method, and one for the case where the peer's authentication data is not accessible.
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 9e890979110..1870dc18459 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -805,6 +805,8 @@ ikev2_auth_verify(struct iked *env, struct iked_sa *sa)
 			    ikev2_auth_map),
 			    print_map(ikeauth.auth_method, ikev2_auth_map));
+			/* send N(AUTHENTICATION_FAILED) back */
+			ikev2_send_auth_failed(env, sa);
 			return (-1);
 		}
 		ikeauth.auth_method = sa->sa_peerauth.id_type;
@@ -813,6 +815,8 @@ ikev2_auth_verify(struct iked *env, struct iked_sa *sa)
 		    sa->sa_hdr.sh_initiator)) == NULL) {
 			log_debug("%s: failed to get auth data", __func__);
+			/* send N(AUTHENTICATION_FAILED) back */
+			ikev2_send_auth_failed(env, sa);
 			return (-1);
 		}
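Review bot: Both added calls to ikev2_send_auth_failed(env, sa) discard its return value right before `return (-1);`, so at this call site a notify that could not be built or sent is indistinguishable from one that went out; since the function fails the verification either way that is acceptable, but a one-line comment such as `/* best-effort notify; verification fails regardless of whether it was sent */` would stop a later reader from adding a second error path here. It is not visible in the hunk whether ikev2_send_auth_failed() also marks the SA for teardown; if the caller of ikev2_auth_verify() already tears the SA down on -1, confirm the two paths do not free the SA twice or emit the notification twice. The second hunk (the failed-to-get-auth-data path) has the same shape and raises the same question. The body of ikev2_auth_verify() begins and ends outside both hunks, so the caller's handling of -1 cannot be checked from here.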