[Swan-dev] xauth protocol and retransmits

Antony Antony antony at phenome.org
Thu Oct 19 19:41:46 UTC 2017


On Thu, Oct 19, 2017 at 10:38:57AM -0400, Andrew Cagney wrote:
> where it sends out the AUTH reply (an st_event), and a short while later
> sends out an XAUTH request (an st_send_xauth_event, recent changes mean it
> is generated from scratch and doesn't replace the AUTH reply?).
> 
> With this, the problem I'm seeing is that when the initiator comes back
> with its XAUTH reply, the responder, in xauth_launch_authent() needs to
> cancel both the RETRANSMIT and the SEND_XAUTH but it only cancels the first
> and only when PAM.  This lets SEND_XAUTH fire repeatedly and even after PAM
> finishes and the final reply sent, and its code uses change_state() to
> bludgeon the state back to XAUTH_R0, resulting in much confusion.

Here is a fix that comes to my mind.
I am hoping this works for aggressive mode and main mode.

-antony
-------------- next part --------------
From 2fe40fd8f9b9583f5712a8fd01905fd751490070 Mon Sep 17 00:00:00 2001
From: Antony Antony <antony at phenome.org>
Date: Thu, 19 Oct 2017 19:33:38 +0000
Subject: [PATCH] xauth: cancel pending EVENT_v1_SEND_XAUTH

IKEv1 responder: when an xauth response arrives, cancel
the pending EVENT_v1_SEND_XAUTH

---
 programs/pluto/ikev1_xauth.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/programs/pluto/ikev1_xauth.c b/programs/pluto/ikev1_xauth.c
index 233572c1f..2316448b9 100644
--- a/programs/pluto/ikev1_xauth.c
+++ b/programs/pluto/ikev1_xauth.c
@@ -1177,6 +1177,8 @@ static int xauth_launch_authent(struct state *st,
 				       ikev1_xauth_callback);
 		delete_event(st);
 		event_schedule(EVENT_PAM_TIMEOUT, EVENT_PAM_TIMEOUT_DELAY, st);
+
+		delete_state_event(st, &st->st_send_xauth_event);
 		break;
 #endif
 	case XAUTHBY_FILE:
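Review bot: the cancellation is added only inside the PAM case (the new `delete_state_event(st, &st->st_send_xauth_event);` sits just before the `break` that is closed by `#endif`), so the `case XAUTHBY_FILE:` visible immediately below, and any other backend, still leaves EVENT_v1_SEND_XAUTH pending and it will fire and force the state back to XAUTH_R0 exactly as the quoted report describes. The pending XAUTH request must be cancelled whenever the initiator's XAUTH reply is processed, regardless of how the credentials are checked, so move `delete_state_event(st, &st->st_send_xauth_event);` out of the case to the common path of xauth_launch_authent() ahead of the backend dispatch (or at least add the same line to the XAUTHBY_FILE case), and state in the commit message whether the PAM-only placement was intentional. Minor: placing the line after `event_schedule(EVENT_PAM_TIMEOUT, ...)` is fine because st_event and st_send_xauth_event are separate slots, but a short comment saying so would save the next reader from wondering whether the PAM timeout is being cancelled too.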
-- 
2.13.5
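The failure Andrew describes, and what the cancel in xauth_launch_authent() changes, can be shown with a small model of the two per-state timers. The following is an added example written for this thread, not libreswan code: the state names, the delays, the self-re-arming SEND_XAUTH handler that calls back to XAUTH_R0, and the "PAM" callback are all constructed to mimic the behaviour quoted above, and run_scenario() simply drives a fixed timeline (AUTH reply at t=0, XAUTH reply at t=2, PAM done at t=4, clock run to t=12) with and without the cancellation.

```c
/*
 * Added example, not libreswan code: a model of the IKEv1 responder's two
 * per-state timers, the AUTH-reply retransmit (st_event) and the delayed
 * XAUTH request (st_send_xauth_event), showing why a stale SEND_XAUTH event
 * must be cancelled when the initiator's XAUTH reply arrives.  Names,
 * delays and the PAM callback are constructed for the example.
 */
#include <stdbool.h>
#include <stdio.h>

enum state_kind { STATE_MAIN_R3, STATE_XAUTH_R0, STATE_XAUTH_R1 };
enum event_kind { EVENT_NONE, EVENT_RETRANSMIT, EVENT_SEND_XAUTH, EVENT_PAM_TIMEOUT };

struct event {
    enum event_kind kind;
    long fire_at;
    bool pending;
};

struct state {
    enum state_kind st_state;
    bool auth_done;                   /* PAM finished, final XAUTH reply sent */
    int xauth_requests_sent;          /* how many times SEND_XAUTH ran */
    int auth_reply_retransmits;
    struct event st_event;            /* retransmit slot, later the PAM timeout */
    struct event st_send_xauth_event; /* separate slot for the XAUTH request */
};

static void event_schedule(struct event *ev, enum event_kind kind, long now, long delay)
{
    ev->kind = kind;
    ev->fire_at = now + delay;
    ev->pending = true;
}

static void delete_state_event(struct event *ev)
{
    ev->kind = EVENT_NONE;
    ev->pending = false;
}

/* Responder has just sent its AUTH reply (main or aggressive mode). */
static void responder_send_auth_reply(struct state *st, long now)
{
    st->st_state = STATE_MAIN_R3;
    event_schedule(&st->st_event, EVENT_RETRANSMIT, now, 10);
    event_schedule(&st->st_send_xauth_event, EVENT_SEND_XAUTH, now, 1);
}

/*
 * Initiator's XAUTH reply arrived.  Mirrors the PAM branch of
 * xauth_launch_authent(): the retransmit timer is replaced by a PAM timeout;
 * whether st_send_xauth_event is also cancelled is the switch under test.
 */
static void responder_receive_xauth_reply(struct state *st, long now, bool cancel_send_xauth)
{
    delete_state_event(&st->st_event);
    event_schedule(&st->st_event, EVENT_PAM_TIMEOUT, now, 5);
    if (cancel_send_xauth)
        delete_state_event(&st->st_send_xauth_event);
    st->st_state = STATE_XAUTH_R1;    /* waiting for the PAM result */
}

/* Asynchronous PAM callback: credentials accepted, final reply sent. */
static void pam_callback(struct state *st)
{
    delete_state_event(&st->st_event);  /* PAM timeout no longer needed */
    st->auth_done = true;
}

/*
 * Run whatever is due.  The SEND_XAUTH handler re-arms itself and forces the
 * state back to XAUTH_R0, which is the behaviour the thread complains about.
 */
static void fire_due_events(struct state *st, long now)
{
    if (st->st_event.pending && st->st_event.fire_at <= now) {
        if (st->st_event.kind == EVENT_RETRANSMIT) {
            st->auth_reply_retransmits++;
            event_schedule(&st->st_event, EVENT_RETRANSMIT, now, 10);
        } else {
            delete_state_event(&st->st_event);  /* PAM timeout: give up */
        }
    }
    if (st->st_send_xauth_event.pending && st->st_send_xauth_event.fire_at <= now) {
        st->xauth_requests_sent++;
        st->st_state = STATE_XAUTH_R0;          /* change_state() back to R0 */
        event_schedule(&st->st_send_xauth_event, EVENT_SEND_XAUTH, now, 5);
    }
}

struct outcome {
    enum state_kind final_state;
    bool auth_done;
    int xauth_requests_sent;
    int auth_reply_retransmits;
};

/* AUTH reply at t=0, XAUTH reply at t=2, PAM completes at t=4, clock to t=12. */
struct outcome run_scenario(bool cancel_send_xauth)
{
    struct state st = { 0 };
    responder_send_auth_reply(&st, 0);
    for (long now = 0; now <= 12; now++) {
        if (now == 2)
            responder_receive_xauth_reply(&st, now, cancel_send_xauth);
        if (now == 4)
            pam_callback(&st);
        fire_due_events(&st, now);
    }
    struct outcome o = { st.st_state, st.auth_done,
                         st.xauth_requests_sent, st.auth_reply_retransmits };
    return o;
}

int main(void)
{
    struct outcome buggy = run_scenario(false);
    struct outcome fixed = run_scenario(true);
    printf("without cancel: state=%d auth_done=%d xauth_requests=%d\n",
           buggy.final_state, buggy.auth_done, buggy.xauth_requests_sent);
    printf("with cancel:    state=%d auth_done=%d xauth_requests=%d\n",
           fixed.final_state, fixed.auth_done, fixed.xauth_requests_sent);
    return 0;
}
```

Without the cancel, the model ends with auth_done set but the state bludgeoned back to XAUTH_R0 and three XAUTH requests on the wire, one of them after PAM already finished; with the cancel it ends in XAUTH_R1 after a single request, and in both runs the AUTH-reply retransmit never fires because xauth_launch_authent() already deletes that slot.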



More information about the Swan-dev mailing list