Imported Upstream version 5.3.4

4 files changed, 16 insertions, 8 deletions

diff --git a/src/libcharon/sa/ikev1/tasks/mode_config.c b/src/libcharon/sa/ikev1/tasks/mode_config.c
index d0994a961..a03477e18 100644
--- a/src/libcharon/sa/ikev1/tasks/mode_config.c
+++ b/src/libcharon/sa/ikev1/tasks/mode_config.c
@@ -482,7 +482,9 @@ static host_t *assign_migrated_vip(linked_list_t *migrated, host_t *requested)
 	enumerator = migrated->create_enumerator(migrated);
 	while (enumerator->enumerate(enumerator, &vip))
 	{
-		if (vip->ip_equals(vip, requested))
+		if (vip->ip_equals(vip, requested) ||
+		   (requested->is_anyaddr(requested) &&
+			requested->get_family(requested) == vip->get_family(vip)))
 		{
 			migrated->remove_at(migrated, enumerator);
 			found = vip;
diff --git a/src/libcharon/sa/ikev1/tasks/quick_delete.c b/src/libcharon/sa/ikev1/tasks/quick_delete.c
index 1b95a8b11..ade59a2dd 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_delete.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_delete.c
@@ -115,7 +115,7 @@ static bool delete_child(private_quick_delete_t *this, protocol_id_t protocol,
 	if (this->expired)
 	{
 		DBG0(DBG_IKE, "closing expired CHILD_SA %s{%d} "
-			 "with SPIs %.8x_i %.8x_o and TS %#R=== %#R",
+			 "with SPIs %.8x_i %.8x_o and TS %#R === %#R",
 			 child_sa->get_name(child_sa), child_sa->get_unique_id(child_sa),
 			 ntohl(child_sa->get_spi(child_sa, TRUE)),
 			 ntohl(child_sa->get_spi(child_sa, FALSE)), my_ts, other_ts);
@@ -126,7 +126,7 @@ static bool delete_child(private_quick_delete_t *this, protocol_id_t protocol,
 		child_sa->get_usestats(child_sa, FALSE, NULL, &bytes_out, NULL);
 
 		DBG0(DBG_IKE, "closing CHILD_SA %s{%d} with SPIs "
-			 "%.8x_i (%llu bytes) %.8x_o (%llu bytes) and TS %#R=== %#R",
+			 "%.8x_i (%llu bytes) %.8x_o (%llu bytes) and TS %#R === %#R",
 			 child_sa->get_name(child_sa), child_sa->get_unique_id(child_sa),
 			 ntohl(child_sa->get_spi(child_sa, TRUE)), bytes_in,
 			 ntohl(child_sa->get_spi(child_sa, FALSE)), bytes_out,
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index d6a3f2cd1..e7d26443b 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -388,7 +388,7 @@ static bool install(private_quick_mode_t *this)
 				this->child_sa->create_ts_enumerator(this->child_sa, FALSE));
 
 	DBG0(DBG_IKE, "CHILD_SA %s{%d} established "
-		 "with SPIs %.8x_i %.8x_o and TS %#R=== %#R",
+		 "with SPIs %.8x_i %.8x_o and TS %#R === %#R",
 		 this->child_sa->get_name(this->child_sa),
 		 this->child_sa->get_unique_id(this->child_sa),
 		 ntohl(this->child_sa->get_spi(this->child_sa, TRUE)),
@@ -1026,7 +1026,7 @@ METHOD(task_t, process_r, status_t,
 {
 	if (this->mid && this->mid != message->get_message_id(message))
 	{	/* not responsible for this quick mode exchange */
-		return NEED_MORE;
+		return INVALID_ARG;
 	}
 
 	switch (this->state)
@@ -1200,7 +1200,7 @@ METHOD(task_t, build_r, status_t,
 {
 	if (this->mid && this->mid != message->get_message_id(message))
 	{	/* not responsible for this quick mode exchange */
-		return NEED_MORE;
+		return INVALID_ARG;
 	}
 
 	switch (this->state)
diff --git a/src/libcharon/sa/ikev1/tasks/xauth.c b/src/libcharon/sa/ikev1/tasks/xauth.c
index a770e90ff..c0c91574c 100644
--- a/src/libcharon/sa/ikev1/tasks/xauth.c
+++ b/src/libcharon/sa/ikev1/tasks/xauth.c
@@ -271,7 +271,10 @@ static bool add_auth_cfg(private_xauth_t *this, identification_t *id, bool local
 
 	auth = auth_cfg_create();
 	auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_XAUTH);
-	auth->add(auth, AUTH_RULE_XAUTH_IDENTITY, id->clone(id));
+	if (id)
+	{
+		auth->add(auth, AUTH_RULE_XAUTH_IDENTITY, id->clone(id));
+	}
 	auth->merge(auth, this->ike_sa->get_auth_cfg(this->ike_sa, local), FALSE);
 	this->ike_sa->add_auth_cfg(this->ike_sa, local, auth);
 
@@ -342,7 +345,10 @@ METHOD(task_t, build_i, status_t,
 				break;
 			case SUCCESS:
 				DESTROY_IF(cp);
-				this->status = XAUTH_OK;
+				if (add_auth_cfg(this, NULL, FALSE) && allowed(this))
+				{
+					this->status = XAUTH_OK;
+				}
 				this->public.task.process = _process_i_status;
 				return build_i_status(this, message);
 			default: