New upstream version 5.7.0

author: Yves-Alexis Perez <corsac@debian.org> 2018-09-24 15:11:14 +0200
committer: Yves-Alexis Perez <corsac@debian.org> 2018-09-24 15:11:14 +0200
commit: e0e280b7669435b991b7e457abd8aa450930b3e8 (patch)
tree: 3e6084f13b14ad2df104e2ce6e589eb96c5f7ac9 /src/libcharon/sa/ikev1/tasks
parent: 51a71ee15c1bcf0e82f363a16898f571e211f9c3 (diff)
download: vyos-strongswan-e0e280b7669435b991b7e457abd8aa450930b3e8.tar.gz
vyos-strongswan-e0e280b7669435b991b7e457abd8aa450930b3e8.zip
6 files changed, 26 insertions, 24 deletions
diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
index 82d647a6c..023119dd4 100644
--- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
@@ -270,11 +270,6 @@ METHOD(task_t, build_i, status_t,
 				return FAILED;
 			}
 			id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
-			if (!id)
-			{
-				DBG1(DBG_CFG, "own identity not known");
-				return FAILED;
-			}
 			this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
 			id_payload = id_payload_create_from_identification(PLV1_ID, id);
 			this->id_data = id_payload->get_encoded(id_payload);
@@ -302,6 +297,7 @@ METHOD(task_t, build_i, status_t,
 									   this->id_data))
 			{
 				this->id_data = chunk_empty;
+				charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED);
 				return send_notify(this, AUTHENTICATION_FAILED);
 			}
 			this->id_data = chunk_empty;
@@ -330,6 +326,7 @@ METHOD(task_t, build_i, status_t,
 					}
 					if (!establish(this))
 					{
+						charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
 						return send_notify(this, AUTHENTICATION_FAILED);
 					}
 					break;
@@ -428,6 +425,7 @@ METHOD(task_t, process_r, status_t,
 					{
 						DBG1(DBG_IKE, "Aggressive Mode PSK disabled for "
 							 "security reasons");
+						charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
 						return send_notify(this, AUTHENTICATION_FAILED);
 					}
 					break;
@@ -455,6 +453,7 @@ METHOD(task_t, process_r, status_t,
 			if (!id_payload)
 			{
 				DBG1(DBG_IKE, "IDii payload missing");
+				charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
 				return send_notify(this, INVALID_PAYLOAD_TYPE);
 			}
 
@@ -465,6 +464,7 @@ METHOD(task_t, process_r, status_t,
 													  this->method, TRUE, id);
 			if (!this->peer_cfg)
 			{
+				charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
 				return send_notify(this, AUTHENTICATION_FAILED);
 			}
 			this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg);
@@ -493,6 +493,7 @@ METHOD(task_t, process_r, status_t,
 													this->method, TRUE, NULL);
 				if (!this->peer_cfg)
 				{
+					charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
 					return send_delete(this);
 				}
 				this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg);
@@ -502,6 +503,7 @@ METHOD(task_t, process_r, status_t,
 			{
 				DBG1(DBG_IKE, "Aggressive Mode authorization hook forbids "
 					 "IKE_SA, cancelling");
+				charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
 				return send_delete(this);
 			}
 
@@ -528,6 +530,7 @@ METHOD(task_t, process_r, status_t,
 					}
 					if (!establish(this))
 					{
+						charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
 						return send_delete(this);
 					}
 					job = adopt_children_job_create(
@@ -602,11 +605,6 @@ METHOD(task_t, build_r, status_t,
 		}
 
 		id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
-		if (!id)
-		{
-			DBG1(DBG_CFG, "own identity not known");
-			return send_notify(this, INVALID_ID_INFORMATION);
-		}
 		this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
 
 		id_payload = id_payload_create_from_identification(PLV1_ID, id);
@@ -615,6 +613,7 @@ METHOD(task_t, build_r, status_t,
 		if (!this->ph1->build_auth(this->ph1, this->method, message,
 								   id_payload->get_encoded(id_payload)))
 		{
+			charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED);
 			return send_notify(this, AUTHENTICATION_FAILED);
 		}
 		return NEED_MORE;
@@ -679,6 +678,7 @@ METHOD(task_t, process_i, status_t,
 		if (!id_payload)
 		{
 			DBG1(DBG_IKE, "IDir payload missing");
+			charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
 			return send_delete(this);
 		}
 		id = id_payload->get_identification(id_payload);
@@ -687,6 +687,7 @@ METHOD(task_t, process_i, status_t,
 		{
 			DBG1(DBG_IKE, "IDir '%Y' does not match to '%Y'", id, cid);
 			id->destroy(id);
+			charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
 			return send_notify(this, INVALID_ID_INFORMATION);
 		}
 		this->ike_sa->set_other_id(this->ike_sa, id);
@@ -698,6 +699,7 @@ METHOD(task_t, process_i, status_t,
 		if (!this->ph1->verify_auth(this->ph1, this->method, message,
 									id_payload->get_encoded(id_payload)))
 		{
+			charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
 			return send_notify(this, AUTHENTICATION_FAILED);
 		}
 		if (!charon->bus->authorize(charon->bus, FALSE))
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
index 6a296f221..b26a11bb4 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
@@ -59,7 +59,7 @@ struct private_isakmp_vendor_t {
 	ike_sa_t *ike_sa;
 
 	/**
-	 * Are we the inititator of this task
+	 * Are we the initiator of this task
 	 */
 	bool initiator;
 
diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c
index 1f764e547..b60c84992 100644
--- a/src/libcharon/sa/ikev1/tasks/main_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/main_mode.c
@@ -332,11 +332,6 @@ METHOD(task_t, build_i, status_t,
 			identification_t *id;
 
 			id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
-			if (!id)
-			{
-				DBG1(DBG_CFG, "own identity not known");
-				return send_notify(this, INVALID_ID_INFORMATION);
-			}
 			this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
 			id_payload = id_payload_create_from_identification(PLV1_ID, id);
 			message->add_payload(message, &id_payload->payload_interface);
@@ -344,6 +339,7 @@ METHOD(task_t, build_i, status_t,
 			if (!this->ph1->build_auth(this->ph1, this->method, message,
 									   id_payload->get_encoded(id_payload)))
 			{
+				charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED);
 				return send_notify(this, AUTHENTICATION_FAILED);
 			}
 
@@ -445,6 +441,7 @@ METHOD(task_t, process_r, status_t,
 			if (!id_payload)
 			{
 				DBG1(DBG_IKE, "IDii payload missing");
+				charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
 				return send_notify(this, INVALID_PAYLOAD_TYPE);
 			}
 			id = id_payload->get_identification(id_payload);
@@ -457,6 +454,7 @@ METHOD(task_t, process_r, status_t,
 													this->method, FALSE, id);
 				if (!this->peer_cfg)
 				{
+					charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
 					return send_notify(this, AUTHENTICATION_FAILED);
 				}
 				this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg);
@@ -472,6 +470,7 @@ METHOD(task_t, process_r, status_t,
 			{
 				DBG1(DBG_IKE, "Main Mode authorization hook forbids IKE_SA, "
 					 "cancelling");
+				charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
 				return send_notify(this, AUTHENTICATION_FAILED);
 			}
 
@@ -523,11 +522,6 @@ METHOD(task_t, build_r, status_t,
 			xauth_t *xauth = NULL;
 
 			id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
-			if (!id)
-			{
-				DBG1(DBG_CFG, "own identity not known");
-				return send_notify(this, INVALID_ID_INFORMATION);
-			}
 			this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
 
 			id_payload = id_payload_create_from_identification(PLV1_ID, id);
@@ -536,6 +530,7 @@ METHOD(task_t, build_r, status_t,
 			if (!this->ph1->build_auth(this->ph1, this->method, message,
 									   id_payload->get_encoded(id_payload)))
 			{
+				charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED);
 				return send_notify(this, AUTHENTICATION_FAILED);
 			}
 
@@ -562,6 +557,7 @@ METHOD(task_t, build_r, status_t,
 					}
 					if (!establish(this))
 					{
+						charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
 						return send_notify(this, AUTHENTICATION_FAILED);
 					}
 					job = adopt_children_job_create(
@@ -688,6 +684,7 @@ METHOD(task_t, process_i, status_t,
 			if (!id_payload)
 			{
 				DBG1(DBG_IKE, "IDir payload missing");
+				charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
 				return send_delete(this);
 			}
 			id = id_payload->get_identification(id_payload);
@@ -696,6 +693,7 @@ METHOD(task_t, process_i, status_t,
 			{
 				DBG1(DBG_IKE, "IDir '%Y' does not match to '%Y'", id, cid);
 				id->destroy(id);
+				charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
 				return send_delete(this);
 			}
 			this->ike_sa->set_other_id(this->ike_sa, id);
@@ -703,12 +701,14 @@ METHOD(task_t, process_i, status_t,
 			if (!this->ph1->verify_auth(this->ph1, this->method, message,
 										id_payload->get_encoded(id_payload)))
 			{
+				charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
 				return send_delete(this);
 			}
 			if (!charon->bus->authorize(charon->bus, FALSE))
 			{
 				DBG1(DBG_IKE, "Main Mode authorization hook forbids IKE_SA, "
 					 "cancelling");
+				charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
 				return send_delete(this);
 			}
 
@@ -736,6 +736,7 @@ METHOD(task_t, process_i, status_t,
 					}
 					if (!establish(this))
 					{
+						charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
 						return send_delete(this);
 					}
 					break;
diff --git a/src/libcharon/sa/ikev1/tasks/mode_config.c b/src/libcharon/sa/ikev1/tasks/mode_config.c
index 43897c304..9b692588d 100644
--- a/src/libcharon/sa/ikev1/tasks/mode_config.c
+++ b/src/libcharon/sa/ikev1/tasks/mode_config.c
@@ -583,7 +583,6 @@ static status_t build_ack(private_mode_config_t *this, message_t *message)
 	enumerator = this->vips->create_enumerator(this->vips);
 	while (enumerator->enumerate(enumerator, &host))
 	{
-		type = INTERNAL_IP6_ADDRESS;
 		if (host->get_family(host) == AF_INET6)
 		{
 			type = INTERNAL_IP6_ADDRESS;
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index 5e5b61e7f..007e94d96 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -544,7 +544,7 @@ static traffic_selector_t* select_ts(private_quick_mode_t *this, bool local,
 
 	hosts = get_dynamic_hosts(this->ike_sa, local);
 	list = this->config->get_traffic_selectors(this->config,
-											   local, supplied, hosts);
+											   local, supplied, hosts, TRUE);
 	hosts->destroy(hosts);
 	if (list->get_first(list, (void**)&ts) == SUCCESS)
 	{
diff --git a/src/libcharon/sa/ikev1/tasks/xauth.c b/src/libcharon/sa/ikev1/tasks/xauth.c
index 968b4386c..bec2cfe7d 100644
--- a/src/libcharon/sa/ikev1/tasks/xauth.c
+++ b/src/libcharon/sa/ikev1/tasks/xauth.c
@@ -226,7 +226,7 @@ static bool select_compliant_config(private_xauth_t *this)
 	{	/* current config is fine */
 		return TRUE;
 	}
-	DBG1(DBG_CFG, "selected peer config '%s' inacceptable",
+	DBG1(DBG_CFG, "selected peer config '%s' unacceptable",
 		 old->get_name(old));
 	aggressive = old->use_aggressive(old);
author	Yves-Alexis Perez <corsac@debian.org>	2018-09-24 15:11:14 +0200
committer	Yves-Alexis Perez <corsac@debian.org>	2018-09-24 15:11:14 +0200
commit	e0e280b7669435b991b7e457abd8aa450930b3e8 (patch)
tree	3e6084f13b14ad2df104e2ce6e589eb96c5f7ac9 /src/libcharon/sa/ikev1/tasks
parent	51a71ee15c1bcf0e82f363a16898f571e211f9c3 (diff)
download	vyos-strongswan-e0e280b7669435b991b7e457abd8aa450930b3e8.tar.gz vyos-strongswan-e0e280b7669435b991b7e457abd8aa450930b3e8.zip